Develop Reference

laravel fortify sanctum SPA issues on forge

My setup is working properly locally but apparently I'm getting a 401 issue on laravel forge for my laravel-fortify-sanctum
basically I use laravel fortify for authentication then sanctum to get a token after authentication process.
it works properly on my local setup but in laravel forge it's saying I'm still Unaunthenticated
laravel forge domains
api.domain.com
frontend.domain.com
SESSION_DRIVER=cookie
SESSION_DOMAIN=.domain.com
SANCTUM_STATEFUL_DOMAINS=*.domain.com
Am I missing something?

AJAX request to Laravel backend returns 419 CSRF token mismatch

I'm creating a SPA using NextJS and I have a Laravel backend for my API. To authenticate my SPA I'm using laravel sanctum.
My API is on api.domain.com and my app is on domain.com
I've set these environment variables which are relevant to this issue:
SESSION_DRIVER=cookie
SESSION_DOMAIN=.domain.com
SANCTUM_STATEFUL_DOMAINS="domain.com"
When I log in I make a request to /sanctum/csrf-cookie to get my CSRF cookie, and I can see in my following requests I am sending the X-XSRF-TOKEN header with the value from the cookie.
I'm wondering if anyone else has had a similar issue with CSRF mismatches when using sanctum on different subdomains?

OK what ended up fixing my issue is changing the name of my session cookie to something without an underscore, very weird!

Using Laravel sanctum for Laravel default authentication returns 419 error code

I am using Laravel Sanctum for making authentication. I don't have any SPA application and I want to have Laravel Sanctum for having default authentication.
I have followed the documentation but I've got 419 error code.

If you try to logging to system with Cookie Base application you should add CSRF to your application. And you do not have to use Laravel/Sanctum package if you will not separate your application parts with wildcards. Just use sessions instead of it.

Laravel Passport is failing to validate my newly generated token

Suddenly my application stopped working when trying to access endpoints protected by auth:api middleware in the Laravel 5.6.35 back-end using Passport 7.0.1.
The issue is that it is generating when I register and log-in.
return Response::json([
'token' => $user->createToken('foobar')->accessToken,
'user' => $user
], HTTPResponse::$HTTP_OK);
Insomnia rest will then show the following when accessing the routes belonging to the auth:api middleware.
"message": "Unauthenticated."
It was working until an hour ago, and it stopped after I refreshed the database. I dropped and created a new one, registered a test user and attempted to access and endpoint passing the token as Bearer token and Accept header to application/json. I've done it like this many times, always running php artisan passport:install --force after each refresh.
I don't know how to solve it. I saw where it was failing in TokenGuard.php file, but what to do? Why has it suddenly stopped?

The reason of the issue was because I was setting another field as the primary key of users table, and it was causing an error in the Passport's auto-generated tables.

you must reinstall the passport after refreshed the database.Then only Token will generate
php artisan passport:install

In case you are using Apache Server, Add this line to your httpd.conf file.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Does entrust 5.2 package supports with laravel 5.4?

Can I install entrust 5.2 with laravel version 5.4 to assign roles and permissions to the users???? I installed and tried. But I can not able to assign roles. I am getting error status 403. Can Anyone help?

An error 403 is an unauthorized action response, which in all likeliness has nothing to do with Entrust, and more so to do with your routes and current authorization rules. Can you verify you have access to the routes you are trying to send requests to? It does not need to involve the Entrust package, simply making GET or POST requests through a basic form will do.