I want to understand difference JWT Auth vs Laravel Auth with Axios.
In Laravel Auth with Axios, we can use standard middleware and things from Laravel Auth. Can someone explain me why People always choose JWT? It's got something than Laravel Auth with Axios don't have? We can always set a variable in JS with auth true/false when user it's logged in by Laravel (it checks session/cookies for that) and check that variable before route change?
Related
I am newbie with laravel.
I understand that in order to protect routes, you have to first check if a user is authenticated and a session is made. thus, we apply auth middleware in the web routes.
However, I am trying to implement laravel passport and now I am not able to proceed to my routes anymore since I have been authenticated using the passport.
My question is that is it possible to secure the web routes with passport token instead of laravel session? and if so, how one should do it?
Thanks, sorry for english, not native speaker.
Laravel passport is for API routes not for web routes you can use laravel session for web
for more details read it's documentation
https://laravel.com/docs/8.x/passport
I am using Laravel Sanctum for making authentication. I don't have any SPA application and I want to have Laravel Sanctum for having default authentication.
I have followed the documentation but I've got 419 error code.
If you try to logging to system with Cookie Base application you should add CSRF to your application. And you do not have to use Laravel/Sanctum package if you will not separate your application parts with wildcards. Just use sessions instead of it.
I know that with JWT, you can decode the token and get the details from it. In doing so you can validate in your standalone frontend app.(eg Vue js)
Is there a way to do the same thing with laravel sanctum with an SPA not on the same domain? If yes please how?
I use Laravel for a project. It is not a vue SPA, so no route used at all. The register, login and some other form inputs and outputs are made with modals using vue. For posting the form vars axios is used. For server side authentication laravels standard auth is used. But here is no other authentication like jwt. Should I use other auth types or would csrf be enough? Are there other suggestions?
Usually for web routes csrf token is enough secure or it has been so far. And it does:
Check if the request is a reading request (HEAD, GET, OPTIONS).
If so, skip the check. Match the token from the _token input or from the headers.
Add a cookie with the token to each request.
If you are using api routes then you can chose from Laravel passport which you can setup oAuth2 or you could build your own custom auth middleware using jwt tokens.
I know passport uses oAuth, but my question is.. is it better to use Passport for Auth (Login and Register) or should i use jwt for login and register and Passport for external API requests... or use passport for both (User API and Login/AUTH)
Now i'm programming a SPA website with laravel and VueJs 2, i'm stuck in this.
Laravel Passport does, in fact, use JWT so comparing "JWT vs Passport" is kind of wrong.
You can use Laravel Passport for everything you mentioned - logging in, registering (not built-in in Passport but easy to add) and protecting external API requests.