I am a newbie with Laravel.
I understand that in order to protect routes, you have to first check if a user is authenticated and a session is made. Thus, we apply the auth middleware in the web routes.
However, I am trying to implement Laravel Passport and now I am not able to proceed to my routes anymore since I have been authenticated using Passport.
My question is: is it possible to secure the web routes with a Passport token instead of a Laravel session? And if so, how should one do it?
Thanks, sorry for my English, not a native speaker.
Laravel Passport is for API routes, not for web routes; you can use the Laravel session for web.
For more details, read its documentation:
https://laravel.com/docs/8.x/passport
Related
To be honest, I don't understand the concept of Laravel Sanctum. Before there was Sanctum, people used JWT. That always worked very well. In other frameworks in the Node context, I only use JWT. I am very confused by the paragraph about the SPA Auth (https://laravel.com/docs/9.x/sanctum#how-it-works-spa-authentication). It talks about Sanctum also using the web auth. Does that mean that if I log in via the web route (auth), I can also use the api route (auth:sanctum)?
Thanks! Max
The more I read about Laravel SPA (Vue) authentication, the more I ask myself about the "best way" to authenticate with Sanctum.
Official Laravel documentation says:
For this feature, Sanctum does not use tokens of any kind. Instead,
Sanctum uses Laravel's built-in cookie based session authentication
services. This approach to authentication provides the benefits of
CSRF protection, session authentication, as well as protects against
leakage of the authentication credentials via XSS.
But a lot of videos on YouTube or other tutorials on the internet all use (bearer) tokens, which sounds contradictory to me. I mean, just using a single token for authentication seems to be a bit unsafe to me.
Also, some of those people defined "login" and "register" routes directly in Laravel's route file, instead of using Vue router.
I'm using Laravel 8, VueJS 3 and Vuex 4.
So, what do you think: Am I on the right way by using Vue routes and sanctum authentication using cookies or not? And why?
Thank you, I appreciate that.
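The cookie-based flow described in the quoted Sanctum documentation, as an added example that is not part of the posts on this page or Laravel's own code. It assumes `/login` is the application's session login route and `/api/user` is a route behind `auth:sanctum`; `fetchImpl` and `getCookies` are hypothetical injection points (in a browser, pass `fetch` and `() => document.cookie`).

```javascript
// Added example: Sanctum SPA login with cookies instead of a bearer token.
// Assumed routes: /login (session login), /api/user (behind auth:sanctum).

// Read one cookie from a "k=v; k2=v2" string (the document.cookie format).
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      // Laravel URL-encodes the XSRF-TOKEN cookie value, so decode it.
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

async function sanctumLogin(baseUrl, credentials, fetchImpl, getCookies) {
  // 1. Ask Laravel to set the XSRF-TOKEN and session cookies.
  await fetchImpl(`${baseUrl}/sanctum/csrf-cookie`, { credentials: 'include' });

  const xsrf = readCookie(getCookies(), 'XSRF-TOKEN');
  if (!xsrf) throw new Error('XSRF-TOKEN cookie missing; check CORS and session domain');

  const headers = {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'X-XSRF-TOKEN': xsrf, // echoed back so Laravel can verify the CSRF token
  };

  // 2. Log in. The session cookie is HttpOnly, so script never reads it.
  const login = await fetchImpl(`${baseUrl}/login`, {
    method: 'POST', credentials: 'include', headers,
    body: JSON.stringify(credentials),
  });
  if (!login.ok) throw new Error(`login failed: ${login.status}`);

  // 3. Call a protected route: no Authorization header, no token in storage.
  const me = await fetchImpl(`${baseUrl}/api/user`, { credentials: 'include', headers });
  if (!me.ok) throw new Error(`not authenticated: ${me.status}`);
  return me.json();
}
```

Axios sends the `X-XSRF-TOKEN` header automatically; with plain `fetch` it has to be copied from the cookie as shown.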
I am going to build an SPA with Laravel and Vuejs.
Since this will be my first large application using this combination, I had some questions that I wanted to ask because I didn't find a clear answer:
1: Authentication. When searching on the internet I found a lot of topics about authenticating with a JWT token. What is the advantage of using such a token instead of normal authentication? If I authenticate in the "normal" way and check for auth()->check() in my application I have the same result, no?
2: Routing. Since I will be using Vue-router, my application will have Vue and Laravel based routes. Does that mean that the Laravel routes are defined as API calls? And should they be in the API route group then? Or are they just normal routes that belong to the application?
JWT tokens have some advantages over traditional session-based authentication. For example, you don't store session data on the server and save server resources, JWT tokens are available in your request among multiple servers, and so on...
For further reading check this article:
https://float-middle.com/json-web-tokens-jwt-vs-sessions/
2. Yes, you should use Laravel routes as RESTful APIs.
I am building a SPA website with Laravel for back-end and VueJS for front-end. And now I want to authenticate users in my website. So I used Laravel Passport for that. My question is: how should I keep the user access token and refresh token in Vue to make other requests for authentication-required routes? Thanks in advance :)
I know Passport uses OAuth, but my question is.. is it better to use Passport for Auth (Login and Register) or should I use JWT for login and register and Passport for external API requests... or use Passport for both (User API and Login/AUTH)
Now I'm programming a SPA website with Laravel and VueJS 2, and I'm stuck on this.
Laravel Passport does, in fact, use JWT so comparing "JWT vs Passport" is kind of wrong.
You can use Laravel Passport for everything you mentioned - logging in, registering (not built-in in Passport but easy to add) and protecting external API requests.