Folks,
I'm trying to develop a PHP API (Laravel) to consume it both in my SITE (angular) and in the mobile applications that I'm going to develop. However, I'm having trouble implementing a secure authentication that allows me to update user session time.
I have already done a search and noticed that staff recommends using OAUTH 2 with grant type PASSWORD or IMPLICIT. However, since it is a javascript application I can not leave the client_secret available, making the grant type PASSWORD unviable. On the other hand, I could not use the grant type IMPLICIT because of the absence of REFRESH_TOKEN (which also needs to pass client_secret).
I can not think of a solution to the problem and I count on the support of the community to find a solution.
Note: Only applications developed by me can access API features.