Summer Sale! All accounts are 50% off this week.

Ligonsker's avatar

Where to place SPA incoming registration requests and other API requests?

Looks like the docs consider the SPA as an API: https://laravel.com/docs/9.x/sanctum#protecting-spa-routes, and the Sanctum guard is by default at routes/api.php:

use Illuminate\Http\Request;
 
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

But I am still not sure where I should put all these requests from the SPA, and should I place the registration file in other place? Or since it's all web requests I still put all the SPA requests in routes/web.php?

0 likes
3 replies
martinbean's avatar

@ligonsker What do you mean? If you have a SPA, then you’ll be making HTTP requests using a HTTP client like Axios, or JavaScript’s fetch API.

The routes you’ll be calling (and protected by the auth:sanctum guard) will usually go in your routes/api.php file since they’re being called asynchronously and not as web pages.

2 likes
jlrdw's avatar

Also did you specifically go over this:

https://laravel.com/docs/9.x/sanctum#how-it-works-spa-authentication

Which states:

For this feature, Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services.

I suggest going over the chapter again. And just my suggestion only, I would consider passport.

2 likes
Ligonsker's avatar

@martinbean @jlrdw thank you, I remember reading a question here on Laracasts forum and I might've confused that someone said you should also use web routes in this case, but again I might've misread something.

@jlrdw - I never dealt with OAuth2, how hard is it to get an OAuth2 server up and running?

Please or to participate in this conversation.