[8.x] Don't recommend legacy Passport grants anymore (laravel#7625)

* Update passport.md * Update passport.md * Update passport.md Co-authored-by: Taylor Otwell <[email protected]>
Alanaktion · Jan 25, 2022 · bc890b3 · bc890b3
1 parent 4d3b007
commit bc890b3
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/passport.md b/passport.md
@@ -633,6 +633,8 @@ If the state parameter matches, the consumer should issue a `POST` request to yo
 <a name="password-grant-tokens"></a>
 ## Password Grant Tokens
 
+> {note} We no longer recommend using password grant tokens. Instead, you should choose [a grant type that is currently recommended by OAuth2 Server](https://oauth2.thephpleague.com/authorization-server/which-grant/).
+
 The OAuth2 password grant allows your other first-party clients, such as a mobile application, to obtain an access token using an email address / username and password. This allows you to issue access tokens securely to your first-party clients without requiring your users to go through the entire OAuth2 authorization code redirect flow.
 
 <a name="creating-a-password-grant-client"></a>
@@ -745,6 +747,8 @@ When authenticating using the password grant, Passport will use the `password` a
 <a name="implicit-grant-tokens"></a>
 ## Implicit Grant Tokens
 
+> {note} We no longer recommend using implicit grant tokens. Instead, you should choose [a grant type that is currently recommended by OAuth2 Server](https://oauth2.thephpleague.com/authorization-server/which-grant/).
+
 The implicit grant is similar to the authorization code grant; however, the token is returned to the client without exchanging an authorization code. This grant is most commonly used for JavaScript or mobile applications where the client credentials can't be securely stored. To enable the grant, call the `enableImplicitGrant` method in the `boot` method of your application's `App\Providers\AuthServiceProvider` class:
 
     /**