5.3: api routes, auth middleware confusion

Posted 2 years ago by meredevelopment

I'm getting very confused by the differences between routes set-up in web.php and ones in api.php. Also the differences between using $this->middleware('auth') and $this->middleware('auth:api'). Please be patient with me...

Setup:

  • I have fired up the standard auth setup with php artisan make:auth. registering and logging in with a user works and I end up at /home.
  • I have a controller called MembersController thats forming a API endpoint, returning JSON. With no auth, this is working as I want it to.
  • I have a route in routes/api.php like this:
Route::group(['prefix' => 'v2'], function() {
  Route::resource('members', 'MembersController');
});

To try and add authentication to MembersController I added:

public function __construct()
    {
        $this->middleware('auth');
    }

When I navigate to http://domain.dev/api/v2/members I get redirected to http://domain.dev/login. If I log in here I get redirected to /home "You are logged in!". GOOD. Now I'm logged in, if I try and go back to http://domain.dev/api/v2/members I get immediately redirected to /home. NOT GOOD.

Interestingly, if I add the members resource route to routes/web.php and not routes/api.php, after I log in I do get sent to /home, BUT if I try to go to http://domain.dev/api/v2/members it works, and I see my pretty pretty JSON :)

So... the reason I'm using the api routes is that I want to eventually get auth:api middleware working, and use token auth sent in a header, or a POST var. This is where I've found the docs get rather thin, but it's probably because I have some fundamental understanding missing.

By the way, if someone fancies some StackExchange points, this person is having exactly the same issue it seems: http://stackoverflow.com/questions/39561695/laravel-5-3-api (not my question)

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.