Laravel Passport vs JWT vs Oauth2 vs Auth0

Anonymous (unverified), submitted on 2019-12-03 09:06:55

Question:

Confusion about API auth types in Laravel?

I'm currently learning how to create an API in Laravel and I found myself lost in these confusing concepts. After a few days of research and practice, I could finally understand these concepts well enough to make a mini-guide. I had to look into a lot of separate webpages, so I will make my best attempt to explain the relationship between them.

Answer 1:

What are these concepts?

  • Passport is an official Laravel package that implements OAuth2 and JWT.
  • Auth0 is an authentication and authorization service. It is kinda an "all in one" solution for API auth. It implements JWT by default and can implement OAuth2 as well as many other protocols.
  • OAuth2 is an authorization framework or protocol that enables applications (the ones you're going to build) to give limited access to user accounts such as Facebook, GitHub, etc. Imagine that your app grew big enough to offer a "Sign in with APP NAME HERE" or to provide limited access to your users' accounts to other third-party applications. With OAuth2 you can achieve this, among many other things.
  • JWT is a token format. In other words, it is how data will be arranged to create a token. Another token format would be SWT.

In other words:

  • Passport implements -> OAuth2 and JWT.
  • Auth0 can implement -> OAuth2 or many other protocols like LDAP, OpenID, etc.
  • OAuth2 can implement -> JWT or other token formats like SWT.

What should you use?

It would be crazy for a beginner to create their own OAuth2 implementation compatible with Laravel. OAuth2 is out. All we have remaining are three package options: Passport, tymondesigns/jwt-auth and Auth0.

JWT (the tymondesigns/jwt-auth package) is fine for creating just an email and password authentication. Though, if you use Passport for a basic email and password auth, you don't have to worry about having an "OAuth2 implementation" affect the performance of your app (it is not a lot). The difference comes when all those intimidating migration tables and routes are generated by Passport, but with a bit of practice you'll get to understand them. Auth0 seems to be fast to set up, but in some use cases it may be excessive, besides not giving the feeling of security of working with a community Laravel package.

The real match comes between Auth0 and Passport. Auth0 is a Swiss army knife compared to Passport. You would have a really good dashboard straight out of the box which will allow you to manage all aspects of your API, from third-party authentication to adding more apps (mobile, web, desktop) that can consume that API. Passport could be compared with a more delicate knife. It was built specially for Laravel, and in the long run you can implement your own nice and custom dashboard to manage your API clients.

Conclusion

I think that the real choice has to be between Passport and Auth0. It depends on whether you want to build an API in Laravel or you'll be more into the API world than into Laravel. In my case, I prefer Passport over Auth0, and JWT last. The reasons are:

  • I like to work with the official Laravel packages.
  • Apart from the routes and tables added to my project, it will not be affected.
  • If I started with the most basic API auth and wanted to scale, it would be much easier.

Still talking about the last point, some may say that the Auth0 community is small. It basically is. But it also has awesome client support personnel.


Tutorials on Passport and Oauth2

The Laravel and OAuth2 docs' explanation of tokens might be a little difficult. Here is a Good Explanation of Passport's (and therefore OAuth2's) Different Types of Tokens and Their Use Cases. Since I couldn't figure out the "routes" part of the tutorial, I wouldn't recommend the tutorial part.

This is a Good Passport Video Tutorial which also uses the Postman Chrome app for API calls. For those of you who are new to this API stuff, apps like Postman will make your work a lot easier than using a "curl" Linux/Mac command. You could watch the complete series or just the Passport part. At the moment I'm stuck on video 4. Here's my currently unsolved Stack Overflow question.

Resources

Many of the resources are spread throughout the article above, but I also have some here.
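The answer above describes JWT as a token format rather than a protocol. As an added example (not code from the original answer, Passport, or tymondesigns/jwt-auth), this plain-PHP code builds and verifies an HS256 token by hand to show the `header.payload.signature` layout and the checks a verifier must make; the function names, secret and claims are constructed for illustration.

```php
<?php
// Added example: the JWT format with an HS256 signature, no library.
// All names and sample values here are constructed for illustration.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $pad = (4 - strlen($txt) % 4) % 4;
    // Strict mode returns false on bad input; the cast turns that into ''.
    return (string) base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

function jwt_sign_hs256(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    $sig  = hash_hmac('sha256', "$head.$body", $secret, true);
    return "$head.$body." . b64url_encode($sig);
}

// Returns the claims array when the token is valid, null otherwise.
function jwt_verify_hs256(string $token, string $secret, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;

    // Pin the algorithm on the server side; never let the token choose it.
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;

    // Recompute the MAC over the exact received bytes, compare in constant time.
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) return null;

    // Only trust the claims after the signature check; require an unexpired exp.
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !isset($claims['exp']) || $claims['exp'] <= $now) return null;
    return $claims;
}

$secret = 'constructed-demo-secret';
$now    = time();
$token  = jwt_sign_hs256(['sub' => '42', 'exp' => $now + 300], $secret);
var_dump(jwt_verify_hs256($token, $secret, $now));   // token signed with the secret

// Same payload with the header swapped to "alg": "none" and the signature dropped.
$body   = explode('.', $token)[1];
$forged = b64url_encode(json_encode(['alg' => 'none'])) . ".$body.";
var_dump(jwt_verify_hs256($forged, $secret, $now));
```

The payload is only base64url-encoded, not encrypted, so anything placed in the claims is readable by whoever holds the token.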


