
Comments (4)

alexzarbn commented on May 20, 2024

Hi @axtg,

It basically depends on where you would perform the authentication from. Is it a first-party SPA? A mobile app? Another backend service?

In most cases, I highly suggest using Sanctum (Cookie for first-party SPA, Bearer token for mobile apps), because it provides literally everything you need.

However, if you plan to make your app an OAuth identity provider, then Passport should be the way to go from the very beginning.

from laravel-orion.

axtg commented on May 20, 2024

Wow. Okay, so this took me a while.
Stateless was working okay, with the Sanctum bearer token. But stateful (for SPA) did not work. And finally, I figured it out. The EnsureFrontendRequestsAreStateful middleware checks for the referer of the request. So without that added to the header it doesn't work. Hope that might help someone else when testing through Postman or Insomnia.

All good now.


axtg commented on May 20, 2024

@alexzarbn Appreciate that line of thought. So here is what I tried doing in Insomnia after installing Sanctum:

  1. Call /sanctum/csrf-cookie/ to get the cookie
  2. Call /login (successfully) with the x-xsrf-token in the header and user details as post vars (Fortify controller)
  3. Call /api/user (OrionResource) with the x-xsrf-token in the header

Step 3 gives me an unauthenticated message. If I try the Bearer token for the user, it does work. So I tried changing the guard in api.php to auth:web, but that does not work. That begs the question: can I use a single API endpoint for both an SPA and an external app (e.g. Zapier/Integromat)? I'd love to give my fictive users the opportunity to do so.

But I think I am missing one crucial point about Sanctum.

Thanks for the help!


alexzarbn commented on May 20, 2024

@axtg Please read Sanctum's Configuration and Orion's Authorization documentation.

Yes, you can use the same endpoint; the only difference would be the way you authenticate: from within your app, it is a first-party authorization using a cookie; from any external service, it can be a personal access token.

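The three calls from the thread as a curl script, with the Referer header set on each, plus the bearer-token call against the same endpoint (an added example, not code from the thread or from laravel-orion). `BASE`, `SPA_ORIGIN`, the cookie jar path, the `email`/`password` field names and the `EMAIL`, `PASSWORD` and `API_TOKEN` variables are assumptions; `SPA_ORIGIN` has to match an entry in Sanctum's stateful domains configuration.

```shell
#!/bin/sh
# Assumed values (not from the thread): addresses, credentials, token.
BASE="${BASE:-http://localhost:8000}"             # API address
SPA_ORIGIN="${SPA_ORIGIN:-http://localhost:3000}" # must match a stateful domain
JAR="${JAR:-./cookies.txt}"                       # curl cookie jar

# Print the XSRF-TOKEN value from a curl cookie jar, percent-decoded.
# The cookie is stored URL-encoded; X-XSRF-TOKEN must carry the decoded value.
xsrf_from_jar() {
  awk -F'\t' '
    $6 == "XSRF-TOKEN" { v = $7 }
    END {
      for (i = 1; i < 256; i++) hex[sprintf("%02X", i)] = sprintf("%c", i)
      out = ""
      while (match(v, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
        out = out substr(v, 1, RSTART - 1) hex[toupper(substr(v, RSTART + 1, 2))]
        v = substr(v, RSTART + 3)
      }
      printf "%s", out v
    }' "$1"
}

# Stateful (cookie) flow: steps 1-3 from the thread, each with a Referer.
spa_flow() {
  # 1. Fetch the CSRF cookie and start the session.
  curl -s -o /dev/null -c "$JAR" -H "Referer: $SPA_ORIGIN" "$BASE/sanctum/csrf-cookie"
  # 2. Log in through the Fortify route, sending the decoded token.
  curl -s -o /dev/null -b "$JAR" -c "$JAR" -H "Referer: $SPA_ORIGIN" \
    -H "Accept: application/json" -H "X-XSRF-TOKEN: $(xsrf_from_jar "$JAR")" \
    --data-urlencode "email=$EMAIL" --data-urlencode "password=$PASSWORD" \
    "$BASE/login"
  # 3. Call the Orion resource with the session cookie (token re-read from the jar).
  curl -s -b "$JAR" -H "Referer: $SPA_ORIGIN" -H "Accept: application/json" \
    -H "X-XSRF-TOKEN: $(xsrf_from_jar "$JAR")" "$BASE/api/user"
}

# Stateless flow for an external service: same endpoint, bearer token, no cookies.
token_flow() {
  curl -s -H "Accept: application/json" \
    -H "Authorization: Bearer $API_TOKEN" "$BASE/api/user"
}

# Nothing runs unless a mode is given: ./flow.sh spa | ./flow.sh token
case "${1:-}" in
  spa)   spa_flow ;;
  token) token_flow ;;
esac
```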
