
vedoj's avatar
Level 1

Classical sessions on web (Inertia) and JWT (API-mobile) at the same time

Inertia is great but I am worried about the iOS/Android apps be it in Flutter or what not that will need an API alongside.

I guess creating additional API routes and controllers is double the work but it is not a big problem.

I am more worried about the mix of json web tokens with API routes (mobile apps) and classical sessions (Inertiajs) for authentication of users.

My biggest worry is that the same user is logged in via the web session on a computer and then via a JWT on the mobile app.

Will the mix of JWT on mobile apps and a classical session in one project be a problem?

0 likes
5 replies
vedoj's avatar
Level 1

@jlrdw hmm, so I just need to create a different middleware authentication for my api routes? There is no need to change the users table? Add some column, etc.?

If I understand it correctly, Inertia.js will serve classical web routes and classical web authentication that comes e.g. with Breeze and I will have to add/install Sanctum and use the Sanctum's middleware authentication on those API routes that I want to user/password protect, right?

So, classical authentication and Sanctum authentication can coexist at the same time? I just use Sanctum authentication for routes in api.php?

By the way, I see that the file api.php already contains this:

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

Does it mean it's already preinstalled in Laravel 9 by default?

vedoj's avatar
Level 1

@jlrdw From your link:

As of today, if you are creating an SPA -either same or different domain-, I suggest you use Sanctum because it's lightweight and is designed specifically for this use-case. Passport isn't intended to be used for SPA Authentication and thus is not the best fit.

So, I guess Passport is not useful for my case, because I host everything on my domain like /api/ for api routes etc.

Please, can any conflict when it comes to the DB of Laravel arise when using both sanctum and normal auth at the same time, or not?

And PLEASE can we all be less hostile and more willing to help... it's 1 day before Christmas. There is no need to indirectly tell me that I am stupid. I know it. I am watching videos and reading stuff. This forum is not the only source of information when it comes to my journey with Laravel.

All I wanted to know is that Sanctum with an existing authentication can coexist together at the same time, or they can't. If you suggest to RTFM you just confirm this post https://www.reddit.com/r/laravel/comments/zml7iv/thoughts_on_community_atmosphere_and_toneofvoice/

Thank you.

jlrdw's avatar

@vedoj I wasn't trying to be anything but nice, I was just referring you to other posts that talk about the subject.

But it seems you have gone from JWT to Sanctum. So it is well documented via documentation and some videos on Laracasts by @jeffreyway.

This stuff with APIs and tokens can be a pretty deep learning curve.
