Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GET http://localhost:8000/api/me 401 (Unauthorized) #31

Open
mkgy opened this issue Apr 12, 2024 · 0 comments
Open

GET http://localhost:8000/api/me 401 (Unauthorized) #31

mkgy opened this issue Apr 12, 2024 · 0 comments

Comments

@mkgy
Copy link

mkgy commented Apr 12, 2024

Describe the bug
There seem to be an incorrecte or a non-typical configuration of cookies in your package.
When I make a request to endpoint /api/me ( with necessary cookies for authentication), I get back an Unauthorized response.

To Reproduce
Steps to reproduce the behavior:

  1. set up sanctum on Laravel (version 10) and serve on port 8000
  2. npm run dev frontend project
  3. In searchbar navigate to http://localhost:3000/, provide credentials and submit

Expected behavior
I want to catch cookies from the request and authenticate users for laravel API routes

Screenshots
not neccessary at this point

Nuxt environment:
I am using the following repository:

https://github.com/manchenkoff/nuxt-auth-sanctum

  • Version: 3.1.0
  • Environment: local

Module information

export default defineNuxtConfig({
    modules: ['nuxt-auth-sanctum'],

    sanctum: {
        baseUrl: 'http://localhost:8000',
    },
});

Laravel environment:

  • .env settings extented by

FRONTEND_URL=http://localhost:3000
SESSION_DRIVER=cookie

return [
    'stateful' => explode(
        ',',
        env(
            'SANCTUM_STATEFUL_DOMAINS',
            sprintf('%s','localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1')
        )
    ),
];
  • CORS settings from your config/cors.php
return [
  'paths' => ['api/*', 'sanctum/csrf-cookie'],
    'allowed_methods' => ['*'],
    'allowed_origins' => [env('FRONTEND_URL', 'http://127.0.0.1:3000')],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

Additional context
I was suggested to make some changes to your package in order to authenticate user via Cookie, since apparently token-based auth is not supported.

in sanctum.php middleware was chnanged to the following:
'middleware' => [
'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
'encrypt_cookies' => Illuminate\Cookie\Middleware\EncryptCookies::class,
'validate_csrf_token' => Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class,
],

in config/api.php
Route::middleware('auth:sanctum')->group(function () {
// your authenticated API routes here
Route::post('login', [UserController::class, 'login']);
Route::get('me', [UserController::class, 'me']);
})->middleware('web'); //

in app/Http/Controllers/UserController.php some codes were exchanged for the following:

 $plainTextToken = $user->createToken('hydra-api-token', $roles)->plainTextToken;

    $cookie = cookie('hydra-api-token', $token, 60 * 24 * 7); // set the cookie for 7 days

    return response()->json(['error' => 0, 'id' => $user->id, 'name' => $user->name, 'token' => $plainTextToken])->withCookie($cookie);

Unfortunately this didn't work.

I also followed in vain the suggestions in the following link:
https://laracasts.com/discuss/channels/laravel/authenticate-user-using-cookie-laravel-sanctum

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant