Skip to content

docs: Sanctum SPA Authentication Guide (httpOnly Cookies) #220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 25, 2025
+580 −9
Merged

docs: Sanctum SPA Authentication Guide (httpOnly Cookies) #220

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1c5ad1d
docs: add comprehensive Sanctum SPA authentication guide
kevalyq Nov 25, 2025
3518588
docs: fix Copilot review issues in sanctum-spa-auth guide
kevalyq Nov 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 10 additions & 9 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed

- **Development Documentation** - Consolidated design principles to central `.github` repository (#TBD)
- `DEVELOPMENT.md`: Removed detailed principle explanations, added reference to central `.github/docs/development-principles.md`
- `docs/COPILOT_REMINDER_PATTERNS.md`: Updated references to point to central documentation
- `docs/DESIGN_PRINCIPLES.md`: Deleted (DRY violation - content centralized in `.github`)
- Follows DRY principle: Single source of truth for all development principles across all SecPal repos
- Part of organization-wide design principles consolidation

### Added

- **Sanctum SPA Authentication Guide** (#218)
- Comprehensive documentation for httpOnly cookie authentication
- Architecture diagrams and authentication flow
- Configuration guide for both development and production
- Troubleshooting section with common issues and solutions
- API endpoint examples with curl commands
- Frontend integration code samples (TypeScript)
- Security best practices and production deployment checklist
- Part of Epic: httpOnly Cookie Authentication Migration (SecPal/api#217, SecPal/frontend#205)

- **httpOnly Cookie Authentication Tests & Documentation** (#208)
- Comprehensive test suite in `tests/Feature/Auth/SanctumCookieAuthTest.php`
- 14 integration tests covering Sanctum authentication configuration
Expand Down
Loading