Comments (4)
Hi @axtg,
It basically depends on where you would perform the authentication from. Is it a first-party SPA? A mobile app? Another backend service?
In most cases, I highly suggest using Sanctum (Cookie for first-party SPA, Bearer token for mobile apps), because it provides literally everything you need.
However, if you plan to make your app an OAuth identity provider, then Passport should be the way to go from the very beginning.
from laravel-orion.
Wow. Okay, so this took me a while.
Stateless was working okay, with the Sanctum bearer token. But stateful (for SPA) did not work. And finally, I figured it out. The EnsureFrontendRequestsAreStateful middleware checks for the referer of the request. So without that added to the header it doesn't work. Hope that might help someone else when testing through Postman or Insomnia.
All good now.
@alexzarbn Appreciate that line of thought. So here is what I tried doing in Insomnia after installing Sanctum:
1. Call /sanctum/csrf-cookie/ to get the cookie
2. Call /login (successfully) with the x-xsrf-token in the header and user details as post vars (Fortify controller)
3. Call /api/user (OrionResource) with the x-xsrf-token in the header

Step 3 gives me an unauthenticated message. If I try the Bearer token for the user, it does work. So I tried changing the guard in api.php to auth:web, but that does not work. That begs the question: can I use a single API endpoint for both a SPA and an external app (e.g. Zapier/Integromat)? I'd love to give my fictive users the opportunity to do so.
But I think I am missing one crucial point about Sanctum.
Thanks for the help!
@axtg Please read Sanctum's Configuration and Orion's Authorization documentation.
Yes, you can use the same endpoint. The only difference would be the way you authenticate: from within your app, it is a first-party authorization using a cookie; from any external service, it can be a personal access token.
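The three-call cookie flow discussed in this thread, reproduced with curl as an added example (not part of the original comments or of laravel-orion's own code), including the Referer header that the stateful middleware needs. `APP_URL`, `SPA_ORIGIN`, the cookie-jar path and the `email`/`password` field names are assumptions; the helper decodes only the `%3D`, `%2B` and `%2F` escapes, assuming the cookie value is base64 text.

```shell
#!/bin/sh
# Added example: Sanctum cookie (stateful) authentication driven from curl.
# Assumed values: adjust to your application.
APP_URL="${APP_URL:-http://localhost:8000}"
# Must match an entry in the 'stateful' list of config/sanctum.php,
# otherwise the request is treated as stateless and only a bearer token works.
SPA_ORIGIN="${SPA_ORIGIN:-http://localhost:3000}"
JAR="${JAR:-./sanctum-cookies.txt}"

# Print the XSRF-TOKEN value from a Netscape-format cookie jar, URL-decoded.
# The cookie is stored URL-encoded (for example a trailing %3D), while the
# X-XSRF-TOKEN header has to carry the decoded value. Prints nothing if absent.
xsrf_from_jar() {
  awk -F'\t' '$6 == "XSRF-TOKEN" { v = $7 } END { if (v == "") exit 1; print v }' "$1" |
    sed -e 's/%3[Dd]/=/g' -e 's/%2[Bb]/+/g' -e 's/%2[Ff]/\//g'
}

# call METHOD PATH [extra curl args...]
# Sends and stores cookies, and adds the headers a first-party SPA would send:
#   Referer       -> lets the stateful middleware recognise the frontend
#   X-XSRF-TOKEN  -> CSRF token read back from the cookie jar on every call
#   Accept        -> JSON error responses instead of redirects
call() {
  method=$1; path=$2; shift 2
  curl -sS -X "$method" "$APP_URL$path" -b "$JAR" -c "$JAR" \
    -H "Accept: application/json" \
    -H "Referer: $SPA_ORIGIN/" \
    -H "X-XSRF-TOKEN: $(xsrf_from_jar "$JAR")" "$@"
}

# sanctum_flow EMAIL PASSWORD
sanctum_flow() {
  : > "$JAR"                                   # start from an empty jar
  # 1. Obtain the XSRF-TOKEN and session cookies.
  call GET /sanctum/csrf-cookie -o /dev/null
  # 2. Session login (field names assumed; they depend on your login controller).
  call POST /login -o /dev/null \
    --data-urlencode "email=$1" --data-urlencode "password=$2"
  # 3. Cookie-authenticated API call; prints the body and the HTTP status.
  call GET /api/user -w '\n%{http_code}\n'
}

# Usage (not run automatically): sanctum_flow user@example.test 'secret'
```

If step 3 still returns 401 with the Referer set, compare `SPA_ORIGIN` (host and port) against the stateful domains and check that the session cookie's domain covers the API host.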