I have been using Laravel Backpack for my project using default Bootstrap jQuery. Using the default login form of Laravel Backpack, I am able to log in. My question is, how could I use Laravel Sanctum to protect my Vue.js app with the logged-in data of Laravel Backpack?

# .env
SANCTUM_STATEFUL_DOMAINS=localhost,127.0.0.1:8000
SESSION_DOMAIN=localhost
SESSION_DRIVER=cookie

backpack base.php

'guard' => 'web',

kernel.php

'api' => [
        \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

app.js

axios.defaults.withCredentials = true;

axios.get('/sanctum/csrf-cookie').then(() => {
  axios.get('/api/user').then(response => {
    console.log(response.data);
  });
});

Here is my api.php

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
  return $request->user();
});

The /sanctum/csrf-cookie request has a CSRF-TOKEN header and is successful, but the /api/user request returns 401.

How to fix this?

Asked Nov 22, 2024 at 11:06 by smzapp; edited Nov 23, 2024 at 2:33

1 Answer

Backpack's authentication uses a completely separate authentication driver, provider, guard and password broker. They're all named backpack.

If you need a separate login/auth for the front user, go ahead and set up Sanctum regularly.

I also want to highlight that Laravel Sanctum supports both

  • Token-based auth
  • and "stateful" authentication using Laravel session cookies.

I'm using it on my project (Laravel + Sanctum + Backpack + lighthouse-php (GraphQL API)). But yes, Sanctum has a learning curve. I choose to keep it stateful, so I don't need to bother about key storing and protecting on the client side. AFAIR, the following two .env attributes helped to make it stateful:

SESSION_DOMAIN=.get-set-sold.test
SANCTUM_STATEFUL_DOMAINS=.get-set-sold.test
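
An added example, not part of the original question or answer: a small Node.js diagnostic for the two .env settings discussed above, run against the values from the question. It assumes Sanctum's EnsureFrontendRequestsAreStateful compares the Origin/Referer (scheme stripped, port kept) against each SANCTUM_STATEFUL_DOMAINS entry followed by /*, and that the browser applies RFC 6265 domain matching to SESSION_DOMAIN. The function names and the two origins tried are hypothetical, since the question does not say which URL the app is opened at.

```javascript
// Added example: the matching rules below are assumptions stated in the lead-in.

// Sanctum-style check: strip the scheme, force a trailing "/", then match the
// value against "<entry>/*" for every SANCTUM_STATEFUL_DOMAINS entry.
function isStatefulOrigin(originOrReferer, statefulDomains) {
  let value = originOrReferer.replace(/^https?:\/\//, '');
  if (!value.endsWith('/')) value += '/';
  const entries = statefulDomains.split(',').map((s) => s.trim()).filter(Boolean);
  return entries.some((entry) => {
    const pattern = (entry + '/*')
      .replace(/[.+?^${}()|[\]\\]/g, '\\$&') // escape everything except "*"
      .replace(/\*/g, '.*');
    return new RegExp('^' + pattern + '$').test(value);
  });
}

// RFC 6265 domain matching: the cookie is kept and sent only if the host equals
// SESSION_DOMAIN or is a subdomain of it; IP addresses never match a suffix.
function cookieDomainCovers(host, sessionDomain) {
  const h = host.replace(/:\d+$/, '').toLowerCase();
  if (!sessionDomain) return true; // no Domain attribute: host-only cookie
  const d = sessionDomain.replace(/^\./, '').toLowerCase();
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h);
  return h === d || (!isIp && h.endsWith('.' + d));
}

// Returns the reasons why /api/user would see no session for this origin.
function diagnose(origin, env) {
  const host = new URL(origin).host; // keeps a non-default port
  const problems = [];
  if (!isStatefulOrigin(origin, env.SANCTUM_STATEFUL_DOMAINS || '')) {
    problems.push(`${host} matches no SANCTUM_STATEFUL_DOMAINS entry`);
  }
  if (!cookieDomainCovers(host, env.SESSION_DOMAIN)) {
    problems.push(`SESSION_DOMAIN=${env.SESSION_DOMAIN} does not cover ${host}`);
  }
  return problems;
}

// Values copied from the question's .env; the origins are constructed.
const questionEnv = {
  SANCTUM_STATEFUL_DOMAINS: 'localhost,127.0.0.1:8000',
  SESSION_DOMAIN: 'localhost',
};
for (const origin of ['http://localhost:8000', 'http://127.0.0.1:8000']) {
  console.log(origin, diagnose(origin, questionEnv));
}
```

Under these assumptions each origin fails one check: localhost:8000 is not matched by the port-less entry localhost, and 127.0.0.1:8000 is matched but cannot carry a session cookie scoped to localhost.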