Sanctum doesn't work with sub domains #156
Comments
Hey there, can you first please try one of the support channels below? If you can actually identify this as a bug, feel free to report back and I'll gladly help you out and re-open this issue. Thanks!
Hello driesvints, I have tried Larachat (Laravel Slack community) and Stack Overflow (https://stackoverflow.com/questions/62269976/laravel-sanctum-auth-issue/62288791#62288791) without any joy. I have been trying to get this working for two days now :(. I appreciate any help you can give. It's probably something I am doing wrong but I just can't see it.
@jamesh-purr you need token In order to authenticate via
That would go against what the documentation states: https://laravel.com/docs/7.x/sanctum#spa-authentication
"For this feature, Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services. This provides the benefits of CSRF protection, session authentication, as well as protects against leakage of the authentication credentials via XSS. Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend."
As long as I'm using Laravel's auth scaffolding I can use the cookie based authentication??
Hey sorry, I just noticed I didn't reply to you, so I'm not sure you get notifications if I don't reply. Please see above if you didn't and apologies if you do get notifications.
@jamesh-purr for the SPA authentication you need to add
Hey @RahulDey12 Thanks for getting back to me. Unfortunately that still doesn't work. I have tried, Route::group(['middleware' => 'auth:web'], function () { in my api routes file and still I got unauthorised. The only way I have managed to get this to work is to add this to web.php file instead
@jamesh-purr have you added
I have indeed. I have exhausted all options. I have tried every bit in the documentation and other sites.
I have a problem with subdomain too T.T
This means, use
@ShinHyungJune you can just use it like
@ShinHyungJune Aaaah cookies! As Adam Wathan said:
I did manage to get this working with another project. I just think the documentation isn't very clear and is a little confusing. So even though this works with the web cookies you can't use the standard Laravel auth login pages/views that are generated. You need to do an ajax call instead first to the sanctum api route and then call the login route. I used axios/vuejs but you could use jquery if you wanted to.
Still struggling with this too. Could you please share how you solved it? Thanks in advance!
Having this issue also I'm using Vue not ui.. seems the problem is with the api middleware. I can make request to What I noticed.. For now I can't get cookie to work as browser is refusing to set the cookies domain attribute something, but is sent as response header
For Laravel to authenticate the request.. the cookie must be present
Using url localhost doesn't set-cookie. Change to something else example.com and it's working.. just in case may be helpful to someone
There really isn't much more I can say to add to this. You need to do an ajax call to the sanctum api route first. Then do a post request to login route that's built into Laravel and then that in that order will create the session needed to begin calling your apis.
I've following setup & IT'S WORKING: Env file
Hope that this might help someone
Below is our working config. front end https://civ4.domain.com/ SESSION_DOMAIN=.domain.com
We have dynamic subdomain
I've one subdomain for laravel application 1) api.domain.com Working env setup:
I have SESSION_DOMAIN=.renesistechdemo.com Also tried, but it's still not working
Hi. Do you manage to solve this thing? I already posted this on Stack Overflow but unfortunately got no answers.
Hi. Do you manage to solve this thing?
@SuperStar518 you cannot use a different TLD. Sanctum is designed for stateful domain using the same TLD. The stateless auth method uses the private access token, i.e. mobile devices or access from a different domain entirely.
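The SESSION_DOMAIN values traded in the comments above all hinge on the browser's cookie domain-match rule. The following is an added example, not code from this thread or from Sanctum: it checks whether a cookie set by the API host with a given Domain is stored and whether it is in scope for the SPA host. Function names and host names are constructed for illustration; SameSite, Secure, Path and the public suffix list are not modelled.

```javascript
// Added example; host names are constructed samples, not taken from a real deployment.

// Browsers ignore a leading dot in the Domain attribute and compare case-insensitively.
const normalize = (d) => d.trim().toLowerCase().replace(/^\./, '');

// RFC 6265 section 5.1.3: host equals the domain, or is a subdomain of it (never an IP).
function domainMatch(host, cookieDomain) {
  const h = normalize(host);
  const d = normalize(cookieDomain);
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Evaluate one SESSION_DOMAIN value for a cookie set by apiHost and needed on spaHost.
function checkSessionDomain(sessionDomain, spaHost, apiHost) {
  const result = { stored: true, coversSpa: false, notes: [] };
  if (!sessionDomain) {
    // No Domain attribute: host-only cookie, tied to the exact host that set it.
    result.coversSpa = normalize(spaHost) === normalize(apiHost);
    if (!result.coversSpa) result.notes.push('host-only cookie: not in scope for ' + spaHost);
    return result;
  }
  // A Set-Cookie whose Domain does not cover the responding host is dropped.
  result.stored = domainMatch(apiHost, sessionDomain);
  if (!result.stored) {
    result.notes.push(apiHost + ' cannot set a cookie for ' + sessionDomain);
    return result;
  }
  result.coversSpa = domainMatch(spaHost, sessionDomain);
  if (!result.coversSpa) result.notes.push(spaHost + ' is outside ' + sessionDomain);
  return result;
}

// Constructed cases: [SESSION_DOMAIN, SPA host, API host]
const cases = [
  ['.domain.com', 'civ4.domain.com', 'api.domain.com'],    // shared parent domain
  ['api.domain.com', 'civ4.domain.com', 'api.domain.com'], // too narrow for the SPA
  ['.domain.com', 'localhost', 'localhost'],               // production value on a dev host
  ['.domain.com', 'app.other.net', 'api.domain.com'],      // different registrable domain
  ['', 'civ4.domain.com', 'api.domain.com'],               // SESSION_DOMAIN unset
];
for (const [dom, spa, api] of cases) {
  console.log(JSON.stringify([dom, spa, api]), JSON.stringify(checkSessionDomain(dom, spa, api)));
}
```

Only the first case yields a cookie that is both stored and in scope for the SPA host; the `notes` array names the host that falls outside the Domain in each of the others.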
Description:
Sub domains don't appear to work at all. I have followed the documentation to the T. From the documentation I should be able to use Laravel's auth scaffolding as per normal.
Then when you do an axios call to the api routes using sanctum middleware, it should grab the session/cookie and do the authentication based on the auth scaffolding/ the user logging as per the standard login controller.
Have I misunderstood the way the SPA part works? Apologies if I have.
Steps To Reproduce:
Route::group(['middleware' => 'auth:sanctum'], function () {
I have checked the documentation about 40 times and checked forums without any luck of getting a sub domain to work with api calls with Vue. Again apologies If I have misunderstood the way this works. If I have misunderstood, please point me in the right direction.