Laravel Passport vs JWT vs Oauth2 vs Auth0
Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/47745884/
Asked by Luis L
Confusion about API auth types in Laravel?
I'm currently learning how to create an API in Laravel and I found myself faced with these confusing concepts. After a few days of research and practice, I could finally understand these concepts well enough to make a mini-guide. I had to look into a lot of separate webpages, so I will make my best attempt to explain the relationship between them.
Answered by Luis L
What are these concepts?
- Passport is an official Laravel package that implements Oauth2 and JWT.
- Auth0 is an authentication and authorization service. It is kind of an "all in one" solution for API auth. It implements JWT by default and can implement Oauth2 as well as many other protocols.
- OAuth2 is an authorization framework or protocol that enables applications (the ones you're going to build) to give limited access to user accounts such as Facebook, GitHub, etc... Imagine that your app grew big enough to offer a "Sign in with APP NAME HERE" or provide limited access to your users' accounts to other third-party applications. With Oauth2 you can achieve this among many other things.
- JWT is a token format. In other words, it is how data will be arranged to create a token. Another token format would be SWT.
In other words:
- Passport implements -> Oauth2 and JWT.
- Auth0 can implement -> Oauth2 or many other protocols like LDAP, OPEN ID, etc...
- Oauth2 can implement -> JWT or other token formats like SWT...
What should you use?
Not only would it be crazy for a beginner to create their own Oauth2 implementation compatible with Laravel, but chances are that if you're reading this, it is because you don't know exactly how to handle all the Oauth2 complexity. Oauth2 out. All we have remaining are three package options: Passport, tymondesigns/jwt-auth and Auth0.
Before continuing, let me note that when I refer to 'JWT' or 'plain JWT' I really mean the tymondesigns/jwt-auth package. The real match comes between Auth0, Passport and plain JWT...
Auth0 is a Swiss army knife compared to Passport and JWT. This knife is an all in one solution. It can do a lot of stuff on its own plus some extras that you might never need without depending on Laravel or other frameworks. To not extend this too long, let me just say that it can do whatever you could possibly imagine as an API beginner. Also, you would have a really good dashboard straight out of the box which will allow you to manage all aspects of your API. From third-party authentication to adding more apps (mobile, web, desktop) that can consume that API.
Passport could be compared with a more delicate knife. Its creators knew what it would cut and designed it specifically for those tasks. In other words, it was built especially for Laravel to work smoothly and flawlessly without having many bells and whistles bothering around. Though, don't forget that in the long run you can implement your own code on top of it. Like a nice and custom dashboard to manage your API clients.
Finally, back to the knife analogy, I like to compare JWT with a sharpened blade without any fancy extras. It's lightweight, functional, secure and does its job. You get the benefit that you will not have to worry about all extras that the other packages add. Furthermore, you can upgrade this knife however you want due to its flexibility or even switch to another package if you need a heavier upgrade.
Conclusion
It depends on you: whether you want to cut everything that might be thrown at you and stay more in the API world than in Laravel (Auth0), narrow down to the focus of Laravel and Oauth2 for third party authentications (Passport) or have a basic secure data transfer out of the box via API (JWT). And yes... You can also link your app to your mobile app with the three of them.
Personally I prefer Passport because:
- I like to work with the official Laravel packages.
- Besides the many extra routes and tables added to my project, its performance will not be affected.
- If I started with the most basic API auth and wanted to scale, it would be much easier.
- The coziness of working with a Laravel Package.
Still talking about the last point, some may say that the Auth0 community is small. It basically is, but also it has awesome client support personnel.
Tutorials on Passport and Oauth2
The Laravel and Oauth2 docs' explanation of tokens might be a little difficult. Here is a Good Explanation of Passport's (therefore Oauth2) Different Types of Tokens and Their Use Cases. Since I couldn't figure out the "routes" part of the tutorial I wouldn't recommend the tutorial part.
This is a Good Passport Video Tutorial which also uses the PostMan Chrome app for API calls. For those of you who are new to this API stuff, apps like PostMan will make your work a lot easier than using a "curl" Linux/Mac command. You could watch the complete series or just the Passport part. At the moment I'm stuck on video 4. Here's my Stack Overflow question.
Resources
Many of the resources are all spread above in the article but I also have some here.
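The answer above describes JWT as a token format, that is, how the data is arranged. The following is an added example, not part of the original answer and not code from Passport, tymondesigns/jwt-auth or Auth0: it builds an HS256 token as `header.payload.signature` and checks it the way a verifier should (pinned algorithm, constant-time signature comparison, required expiry). The function names, key and claims are assumptions made up for the illustration.

```php
<?php
// Added illustration: function names, key and claims are constructed for this example.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): ?string
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? null : $bin;
}

function jwt_encode(array $claims, string $key): string
{
    // A JWT is three base64url segments: header.payload.signature
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode($claims));
    $sig     = hash_hmac('sha256', "$header.$payload", $key, true);
    return "$header.$payload." . b64url_encode($sig);
}

function jwt_verify(string $token, string $key, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) { return null; }
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm on the server side; never accept whatever the token names.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') { return null; }
    // Recompute the MAC over the received segments and compare in constant time.
    $given = b64url_decode($s);
    if ($given === null || !hash_equals(hash_hmac('sha256', "$h.$p", $key, true), $given)) { return null; }
    $claims = json_decode((string) b64url_decode($p), true);
    // Require an integer expiry that is still in the future.
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) { return null; }
    return $claims;
}

$key   = 'constructed-demo-key-not-for-production';
$now   = 1700000000; // fixed clock so the run is repeatable
$token = jwt_encode(['sub' => '42', 'exp' => $now + 3600], $key);
echo $token, PHP_EOL;
var_dump(jwt_verify($token, $key, $now) !== null);        // untouched token, within lifetime
var_dump(jwt_verify($token, $key, $now + 7200) !== null); // same token after its expiry
[$h, $p, $s] = explode('.', $token);
$forged = $h . '.' . b64url_encode(json_encode(['sub' => '1', 'exp' => $now + 3600])) . '.' . $s;
var_dump(jwt_verify($forged, $key, $now) !== null);       // payload swapped, old signature kept
```

The payload segment is only encoded, not encrypted, so anything placed in the claims is readable by whoever holds the token.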