I have laravel 8 backend app, serving as API for frontend using Vue 3
In my routes/api.php I have
Route::post('/teachers', [TeacherController::class, 'index'])->name('teachers');
This will return list of teachers to be used in VueJS.
How do I restrict so that only my VueJS app can access api/teachers ? I successfully hitting the api above using POSTMAN, which I expect it to be failed.
I have laravel sanctum installed, although i'm not so sure whether this is something sanctum can help with.
Thanks
Related
I'm using api in a laravel project
and this project contains multiple laravel apps
one of these apps called auth which is responsible of authentication in other apps
me want to request form another apps to this app for login and authorize users
and i'm using livewire and jetstream in auth app and guzzle php package in another apps for api requests
however i need to use fortify function for login when request receive from another apps
but i dont know this function is exist or i have to create this function and what the way for this work?
if you know a better way, let me know , thank you
I am newbie with laravel.
I understand that in order to protect routes, you have to first check if a user is authenticated and a session is made. thus, we apply auth middleware in the web routes.
However, I am trying to implement laravel passport and now I am not able to proceed to my routes anymore since I have been authenticated using the passport.
My question is that is it possible to secure the web routes with passport token instead of laravel session? and if so, how one should do it?
Thanks, sorry for english, not native speaker.
Laravel passport is for API routes not for web routes you can use laravel session for web
for more details read it's documentation
https://laravel.com/docs/8.x/passport
I know that with JWT, you can decode the token and get the details from it. In doing so you can validate in your standalone frontend app.(eg Vue js)
Is there a way to do the same thing with laravel sanctum with an SPA not on the same domain? If yes please how?
I am building a SPA website with Laravel for back-end and VueJS for front-end. And now I want to authenticate users in my website. So I used Laravel Passport for that. My question is that how should I keep user access token and refresh token in vue to make another requests for authentication required routes? Thanks in advance :)
I'm just new to laravel passport so it is kind of confusing to me. I have watched Taylor otwell tut on passport but still I am not able to figure out that Is it possible to authenticate an angular app with laravel passport?
What I want to do is build a Full SPA application with angular 2 as frontend and laravel 5.3 as back-end. I've used JWT for authentication with laravel on version 4.2 but just want to know if it is do able through laravel passport.
Your comments and answers will be appreciated.
Thanks
Yes it is possible but it's also more complicated then it was in Angular 1.
This entry could be helpful:
Angular2 - set headers for every request
because you need to pass CSRF token to the app to consume your application as it's written here:
https://laravel.com/docs/5.3/passport#consuming-your-api-with-javascript