Description
Describe the bug
There seems to be an incorrect or non-typical configuration of cookies in your package.
When I make a request to the endpoint /api/me (with the necessary cookies for authentication), I get back an Unauthorized response.
To Reproduce
Steps to reproduce the behavior:
- set up sanctum on Laravel (version 10) and serve on port 8000
- npm run dev frontend project
- In the search bar, navigate to http://localhost:3000/, provide credentials and submit
Expected behavior
I want to catch cookies from the request and authenticate users for Laravel API routes
Screenshots
Not necessary at this point
Nuxt environment:
I am using the following repository:
https://github.com/manchenkoff/nuxt-auth-sanctum
- Version: 3.1.0
- Environment: local
Module information
export default defineNuxtConfig({
  modules: ['nuxt-auth-sanctum'],
  sanctum: {
    baseUrl: 'http://localhost:8000',
  },
});
Laravel environment:
- .env settings extended by
FRONTEND_URL=http://localhost:3000
SESSION_DRIVER=cookie
return [
    'stateful' => explode(
        ',',
        env(
            'SANCTUM_STATEFUL_DOMAINS',
            sprintf('%s','localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1')
        )
    ),
];
- CORS settings from your config/cors.php
return [
    'paths' => ['api/*', 'sanctum/csrf-cookie'],
    'allowed_methods' => ['*'],
    'allowed_origins' => [env('FRONTEND_URL', 'http://127.0.0.1:3000')],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];
Additional context
It was suggested that I make some changes to your package in order to authenticate the user via cookie, since apparently token-based auth is not supported.
In sanctum.php, the middleware was changed to the following:
'middleware' => [
    'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
    'encrypt_cookies' => Illuminate\Cookie\Middleware\EncryptCookies::class,
    'validate_csrf_token' => Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class,
],
In config/api.php:
Route::middleware('auth:sanctum')->group(function () {
    // your authenticated API routes here
    Route::post('login', [UserController::class, 'login']);
    Route::get('me', [UserController::class, 'me']);
})->middleware('web'); //
In app/Http/Controllers/UserController.php, some code was exchanged for the following:
$plainTextToken = $user->createToken('hydra-api-token', $roles)->plainTextToken;
$cookie = cookie('hydra-api-token', $token, 60 * 24 * 7); // set the cookie for 7 days
return response()->json(['error' => 0, 'id' => $user->id, 'name' => $user->name, 'token' => $plainTextToken])->withCookie($cookie);
Unfortunately this didn't work.
I also followed in vain the suggestions in the following link:
https://laracasts.com/discuss/channels/laravel/authenticate-user-using-cookie-laravel-sanctum