I'm just new to laravel passport so it is kind of confusing to me. I have watched Taylor otwell tut on passport but still I am not able to figure out that Is it possible to authenticate an angular app with laravel passport?
What I want to do is build a Full SPA application with angular 2 as frontend and laravel 5.3 as back-end. I've used JWT for authentication with laravel on version 4.2 but just want to know if it is do able through laravel passport.
Your comments and answers will be appreciated.
Thanks
Yes it is possible but it's also more complicated then it was in Angular 1.
This entry could be helpful:
Angular2 - set headers for every request
because you need to pass CSRF token to the app to consume your application as it's written here:
https://laravel.com/docs/5.3/passport#consuming-your-api-with-javascript
Related
I have laravel 8 backend app, serving as API for frontend using Vue 3
In my routes/api.php I have
Route::post('/teachers', [TeacherController::class, 'index'])->name('teachers');
This will return list of teachers to be used in VueJS.
How do I restrict so that only my VueJS app can access api/teachers ? I successfully hitting the api above using POSTMAN, which I expect it to be failed.
I have laravel sanctum installed, although i'm not so sure whether this is something sanctum can help with.
Thanks
I am newbie with laravel.
I understand that in order to protect routes, you have to first check if a user is authenticated and a session is made. thus, we apply auth middleware in the web routes.
However, I am trying to implement laravel passport and now I am not able to proceed to my routes anymore since I have been authenticated using the passport.
My question is that is it possible to secure the web routes with passport token instead of laravel session? and if so, how one should do it?
Thanks, sorry for english, not native speaker.
Laravel passport is for API routes not for web routes you can use laravel session for web
for more details read it's documentation
https://laravel.com/docs/8.x/passport
I am using Laravel Sanctum for making authentication. I don't have any SPA application and I want to have Laravel Sanctum for having default authentication.
I have followed the documentation but I've got 419 error code.
If you try to logging to system with Cookie Base application you should add CSRF to your application. And you do not have to use Laravel/Sanctum package if you will not separate your application parts with wildcards. Just use sessions instead of it.
Description
Currently, all my clients project was builded using Laravel Passport but recently I had read about the Laravel Sactum. It sounds similar to me.
Questions
I am getting really confuse? What are the main different between these two and in what scenario we should use each of them? Since we already have passport, what is the point of having Laravel Sactum? Any hints?
laravel passport follows oauth2 and is one of the implementations.
laravel sanctum provides a simple way for your authentication system for SPAs.
As you already used passport, there is no point to change to sanctum.
Sanctum is for the app that does not want to use the complex oauth2 flow.
To understand thing in dept
Article :https://divinglaravel.com/authentication-and-laravel-airlock
Notes: Laravel airlock(Old name) and Laravel sanctum(new name)
Youtube's Explanation: https://www.youtube.com/watch?v=LELn-3ZpH9I
My Summary (Benefits of Laravel Sactum)
If you are using spa(single page application, either vue, angular
or react). Need not to include the bearer token into the request. It
is automatically done after your first request to
/airlock/csrf-cookie. The whole idea is turn the stateless http to stateful http.
If we have a stateless application like mobile application or
others. We could easily create a stateless token using the following code.
$user->createToken(
'laravel-forge',
['server:create', 'server:delete']
);
Simplify maintenance part because programmer does not need to understand the concept of oauth2.
please help me,
I want the stateless authentication for Rest api for login api to to get the token from it by using guard in it.
You might consider using Laravel Lumen because laravel by default uses session state.
In lumen you can be able to authenticate a user by using the new Auth::viaRequest() method. Docs here: https://lumen.laravel.com/docs/5.2/authentication