JenuelDev's avatar

Using API route in inertia + laravel always returns unauthenticated

Hi! I need help. I was able to log in using an Inertia form, but if I use auth:sanctum in my API route middleware, it does not work... it always returns unauthenticated.

{message: "Unauthenticated."}

I don't understand what the docs here mean. https://inertiajs.com/authentication

0 likes
12 replies
Sinnbeck's avatar

Show the code. Be aware that Inertia does not use the api.php file at all. All routes go in web.php

1 like
JenuelDev's avatar

@Sinnbeck does that mean I can't use API routes?

I am trying to do something like this.

axios.get("/api/v2/billings/subscriptions/volumes", {
    headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${this.$page.props.token}`,
    },
    params: {
        filter_by: "weekly",
    },
    withCredentials: true,
});

and here is my route:

// api/v2/billings
Route::middleware(['auth:sanctum'])->group(function () {
    // subscriptions
    Route::prefix('subscriptions')->group(function () {
        Route::get('/volumes', [SubscriptionController::class, 'getVolumes']);
    });
});

it returns this {message: "Unauthenticated."}

tykus's avatar

@BroJenuel why are you authenticating with a token at all; Inertia uses the Session-based authentication system

Sinnbeck's avatar

@BroJenuel Do you use the same routes for an actual API? Or is there some other reason for them to be in api.php?

JenuelDev's avatar

@Sinnbeck there is no same route; all routes have different paths. The reason was to use the API route for getting data externally.

JenuelDev's avatar

@Sinnbeck does this mean I have no choice but to use web middleware for my API routes?

newtonjob's avatar

@Sinnbeck Inertia doesn't choose what routes to use, and can use any file you tell it.

You only need to make sure that such routes have the StartSession middleware applied. This typically means activating the EnsureFrontendRequestsAreStateful middleware that comes commented by default in your Http Kernel on a fresh Laravel application, and off you go!

1 like
JenuelDev's avatar
JenuelDev
OP
Best Answer
Level 1

So the solution was to use the web middleware, since the API middleware will ignore sessions. So in my file here, I have changed the API to web middleware.

// app\Providers\RouteServiceProvider.php
Route::prefix('api/v2/billings')
    ->middleware('web') // I changed this part from API to web
    ->namespace($this->namespace)
    ->group(base_path('routes/api/v2/billing-api.php'));

and in my route file I added another middleware, which is auth:sanctum, for authenticating.

Route::middleware(['auth:sanctum', 'verified'])->group(function () {
    // subscriptions
    Route::prefix('subscriptions')->group(function () {
        Route::get('/volumes', [SubscriptionController::class, 'getVolumes']);
    });
});

So I can use axios like this. Make sure to add "content-type" when you want to return JSON data.

// axios.with
axios.get("/api/v2/billings/subscriptions/volumes", {
    headers: {
        "Content-Type": "application/json",
    },
    params: {
        filter_by: "monthly",
    },
});
3 likes
gibrael's avatar

@BroJenuel Thanks for this. In my case, I needed some extra endpoints to populate some autocomplete async VueSelect fields. Worked great.

2 likes
newtonjob's avatar

@BroJenuel I'm happy you got around it, but applying the web middleware group to the api routes group may not be the best solution.

Simply go in your Http Kernel and activate the EnsureFrontendRequestsAreStateful middleware that comes commented by default.

This middleware takes care of ensuring that the api request originated from your frontend and it will then activate other middleware like StartSession (which is particularly responsible for authentication), VerifyCsrfToken, AddQueuedCookiesToResponse, and EncryptCookies.

'api' => [
    EnsureFrontendRequestsAreStateful::class, // Uncomment this middleware!
    ThrottleRequests::class . ':api',
    SubstituteBindings::class,
]

Hope it helps!

7 likes
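
A simplified model of the behaviour discussed in the replies above, added here as an example; it is not code from any poster or from Sanctum itself. It assumes an exact host match for the first-party check and a 419 response on CSRF failure; the domain names, tokens and function names are constructed for illustration. It shows why the original request got "Unauthenticated.", and how the web group differs from the stateful middleware for an external token client.

```javascript
// Simplified model (an assumption, not Sanctum's source code) of the behaviour
// described in this thread. Domain names and tokens below are constructed samples.
const STATEFUL_DOMAINS = ["localhost:8000", "app.example.test"];
const SESSION_STACK = ["EncryptCookies", "AddQueuedCookiesToResponse", "StartSession", "VerifyCsrfToken"];
const API_STACK = ["ThrottleRequests:api", "SubstituteBindings"];

// First-party check: exact host[:port] match of Referer (or Origin) against the allow-list.
function fromFrontend(headers, domains = STATEFUL_DOMAINS) {
  const source = headers.referer || headers.origin;
  if (!source) return false;
  try {
    return domains.includes(new URL(source).host);
  } catch {
    return false; // malformed header: treat as not first-party
  }
}

// Middleware that run for a request, per route group and kernel setting.
function pipeline(group, headers, statefulEnabled) {
  if (group === "web") return [...SESSION_STACK, "SubstituteBindings"];
  const firstParty = statefulEnabled && fromFrontend(headers);
  return firstParty ? [...SESSION_STACK, ...API_STACK] : [...API_STACK];
}

// Outcome of an auth:sanctum route: CSRF gate, then session user, then bearer token.
function authenticate(req, group, statefulEnabled, validTokens = new Set()) {
  const stack = pipeline(group, req.headers, statefulEnabled);
  const stateChanging = !["GET", "HEAD", "OPTIONS"].includes(req.method);
  if (stack.includes("VerifyCsrfToken") && stateChanging && !req.csrfValid) {
    return { status: 419, via: null };
  }
  if (stack.includes("StartSession") && req.sessionUser) {
    return { status: 200, via: "session" };
  }
  const bearer = (req.headers.authorization || "").replace(/^Bearer\s+/i, "");
  if (bearer && validTokens.has(bearer)) return { status: 200, via: "token" };
  return { status: 401, via: null }; // {message: "Unauthenticated."}
}
```

In this model, a logged-in browser request on the api group is rejected until the stateful middleware is enabled, while an external POST with a valid token succeeds on the api group but fails the CSRF gate on the web group.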
JenuelDev's avatar

@newtonjob I did not know this could be done, thanks a lot. This is going to be useful later on.

1 like