 

Laravel Sanctum auth:sanctum middleware with Angular SPA unauthenticated response

I have an application that has the following setup:

Laravel

Host: appname.local:8000

Environment variables:

  • SESSION_DRIVER=database
  • SESSION_LIFETIME=480
  • SESSION_CONNECTION=mysql
  • SESSION_DOMAIN=.appname.local
  • SESSION_SECURE_COOKIE=false
  • SESSION_COOKIE=appnameapi_session
  • SANCTUM_STATEFUL_DOMAINS='.appname.local,localhost,127.0.0.1'

Angular

Host: appname.local:4200

What works at the moment:

  • I can call Sanctum's csrf-cookie endpoint which sets the CSRF token in my browser.
  • I then can call my API's login endpoint to authenticate the user in my Laravel app using Auth::attempt(). This creates a new entry in the sessions table, as seen below.

[Image: Angular methods to get token and authenticate user]

[Image: Session database entry after successful authentication]

What does not work:

Subsequent requests to routes that are protected by the following middleware: auth:sanctum all result in unauthenticated responses. The HTTP requests never make it to my controllers.

[Image: auth:sanctum protected routes]

But I can see in the developer's console that the cookies are being sent. So I don't understand why Sanctum isn't picking up the auth.

I've followed several tutorials and I can't seem to understand why Laravel's Authenticate middleware is unable to see that I've already authenticated my user.

Does anyone know what I could be doing wrong?

Gloire asked Dec 22 '22 18:12


2 Answers

The answers provided by @agm1984 and @Eden Webstudio were quite useful. However, they did not solve my issue.

After additional debugging, I noticed that Sanctum's guard logic looks for a guard in config/sanctum.php. Its default value is web. My default guard for the protected routes is the api guard, which is the guard that I used during the authentication process.

After setting the guard key in config/sanctum.php to 'api', the authentication seems to be working smoothly. To be honest, I can't remember why I decided to use the session driver for my api guard.

[Image: config/sanctum.php]

[Image: config/auth.php]

Gloire answered Dec 28 '22 10:12
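
The guard mismatch described in the answer above, written out as config excerpts. This is an added example, not the poster's files: the `users` provider, the `web` guard entry and the `defaults` block are assumptions based on Laravel's stock configuration.

```php
<?php
// config/auth.php (excerpt; constructed, not the poster's file)
// Both guards use the session driver. Laravel's session guard stores the
// login under a session key that includes the guard name, so a user logged
// in through 'api' is not logged in as far as 'web' is concerned.
return [
    'defaults' => [
        'guard' => 'api',        // guard used by Auth::attempt() at login
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => ['driver' => 'session', 'provider' => 'users'],
        'api' => ['driver' => 'session', 'provider' => 'users'],
    ],
];

// config/sanctum.php (excerpt; constructed, not the poster's file)
// Sanctum tries these guards for cookie-based SPA requests before falling
// back to bearer tokens.
return [
    // Before: default value. auth:sanctum asks the 'web' guard, finds no
    // user there, and the request is rejected as unauthenticated.
    // 'guard' => ['web'],

    // After: the same guard that performed the login.
    'guard' => ['api'],
];
```

If the configuration is cached, run `php artisan config:clear` so the new guard value takes effect.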


Laravel Sanctum doesn't appear to support wildcard domains for the SPA.

Try removing the dot.

SANCTUM_STATEFUL_DOMAINS='appname.local'

You may need a different solution for wildcard subdomains. You could look at the bearer token option. I haven't tested this though.

Eden WebStudio answered Dec 28 '22 09:12