Comments (7)
If you're already using Passport (and you need oauth) then continue using Passport... you don't NEED Airlock for stateful authentication, as Passport can provide it for you. See https://laravel.com/docs/5.8/passport#consuming-your-api-with-javascript
On the other hand, if you don't need oauth... then get rid of passport and use airlock instead.
If you're keen on keeping both (or need to), HasApiTokens could differ between Passport and Airlock (if it doesn't already, I haven't checked) so I'd use the one you plan on implementing instead of assuming they're the same.
To answer the second half of your question, you don't need any special or custom login methods to return tokens for a first party frontend. Assuming you're using a default laravel auth scheme, you simply use AuthenticatesUsers in your AuthController and then from your SPA login page:
- GET /airlock/csrf-cookie, then (if you receive a 204 response):
- POST /login with { email: '[email protected]', password: 'abc123' }
If you get a 200 OK from /login, then you're authenticated (which means the cookie has been created and there's a valid session associated with it) and subsequent requests will succeed.
from sanctum.
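The two-step login flow from the comment above, written with `fetch`, as an added example that is not part of the original thread or the project's own code. It assumes Laravel's usual CSRF convention (an `XSRF-TOKEN` cookie echoed back in an `X-XSRF-TOKEN` header) and a cookie domain that makes that cookie readable by the SPA; `apiBase`, `fetchImpl` and `getCookies` are hypothetical names introduced here.

```javascript
// Added example: SPA login against a cookie/session backend on another origin.

// Extract and URL-decode the XSRF-TOKEN value from a Cookie string.
function readXsrfToken(cookieString) {
  const match = cookieString
    .split('; ')
    .find((c) => c.startsWith('XSRF-TOKEN='));
  return match ? decodeURIComponent(match.slice('XSRF-TOKEN='.length)) : null;
}

// fetchImpl and getCookies are injectable (hypothetical parameters) so the
// flow can be exercised outside a browser.
async function spaLogin(apiBase, credentials, opts = {}) {
  const { fetchImpl = fetch, getCookies = () => document.cookie } = opts;

  // Step 1: obtain the session and CSRF cookies. credentials: 'include' is
  // what makes the browser store and resend cookies on cross-origin calls.
  const csrf = await fetchImpl(`${apiBase}/airlock/csrf-cookie`, {
    credentials: 'include',
  });
  if (csrf.status !== 204) {
    throw new Error(`csrf-cookie returned ${csrf.status}`);
  }

  // fetch does not copy the cookie into a header the way axios does,
  // so read it and send it explicitly.
  const token = readXsrfToken(getCookies());
  if (!token) {
    throw new Error('XSRF-TOKEN cookie not readable; check the cookie domain');
  }

  // Step 2: log in. A 200 means the session cookie is now authenticated.
  const login = await fetchImpl(`${apiBase}/login`, {
    method: 'POST',
    credentials: 'include',
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
      'X-XSRF-TOKEN': token,
    },
    body: JSON.stringify(credentials),
  });
  if (login.status !== 200) {
    throw new Error(`login failed with ${login.status}`);
  }
  return true;
}
```

No token is stored by the client in this flow: every later request only needs `credentials: 'include'` plus the `X-XSRF-TOKEN` header on state-changing calls.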
Also, is it possible to use airlock with things like telescope?
from sanctum.
Please see the answers by @bcorcoran
from sanctum.
@bcorcoran okay, that makes sense I suppose, but how do I go about getting the CSRF cookie from passport as it's only recommended to inject it when serving the front-end, however, my front-end is served by another server entirely.
Also if that's the case, why does airlock even support or mention passport at all? Shouldn't it be a "use airlock OR passport, not both"?
from sanctum.
@KieronWiltshire you don't in that scenario. Passport isn't designed in that way. Airlock, however, is... hence the /airlock/csrf-cookie route.
If you want to use Passport for something like this, you need to deal with storing the token on the client and keep passing it back to the server for every request.
With Airlock, you're authenticating & receiving a cookie and as long as you have the domain in the airlock whitelist, it will be valid.
from sanctum.
@bcorcoran so I guess I need to use both then?
from sanctum.
@KieronWiltshire I don't know- I don't know the requirements of your application and this really isn't the place for this kind of support. That being said, if you need oauth... then keep Passport. If you don't, get rid of Passport and use Airlock.
If you're asking if you need Passport and Airlock together to authenticate a frontend on another server... no, you only need Airlock.
from sanctum.