Laravel Sanctum configuration

[shpeedle]

I have questions about configuring laravel sanctum.

1. I updated the 'api' middleware in the kernel.php file like in the Sanctum docs: https://laravel.com/docs/7.x/sanctum#spa-configuration. But can I still hit 'web' routes with my vue.js app and maintain session/csrf?

2. If I use the 'api' routes with Sanctum, and I add my 'stateful' domain that my vue.js app will be running, can stateless endpoints still be called? We have other server-side apps that will hit the 'api' routes in addition to vue.js app and we don't want 'stateful' use of those. So, can we configure our 'api' routes to authenticate vue.js app in stateful manner and also have our other server apps hit those same 'api' routes with stateless auth?

Thanks in advance!

[shpeedle]

Anyone ever set up like this?

I'm setting up now so I will share my results when done.

[ianCamacrea]

Genuinely interested in that. I plan to do an angular app which will be used to be a mobile app and a browser app at the same time (with cordova) so I too need to use the stateless and statefull sides of Sanctum. Please let me know if you find something.

[shpeedle]

I got it working. The sanctum auth library is actually pretty good.

If there's an Authorization header with a bearer token, 'sanctum:auth' middleware will authenticate on the token. If there's a session cookie (and not Authorization header) then 'sanctum:auth' middleware will authenticate the session.

[ianCamacrea]

Hi,
I can't seem to get it work properly, the auth:sanctum middleware doesn't recognize my session somehow,
maybe because i'm using a custom guard with a custom provider for it (api_users)

Are you working with a custom guard too or just using the standard web guard?

[ianCamacrea]

I made it!

just needed some rubber ducking I guess.

If it helps anyody, my problem was I was using a different middleware group to ensure the statefullness of request,
thinking that if I used the api middleware group, the token based request would fall under the ensure statefullness middleware.
But I guess sanctum is smarter than that and manages to distinguish it hahaha.

@beamsies Thanks for the hints, mate