Authenticated in web.php but not in api.php

I'm using Fortify and Sanctum to provide session based auth to my SPA.

In my development environment the SPA is on http://127.0.0.1:3000 and my Laravel app is on http://127.0.0.1:8000 and these are my .env file variables:

APP_URL=http://127.0.0.1:8000
FRONTEND_URL=http://127.0.0.1:3000
SANCTUM_STATEFUL_DOMAINS=http://127.0.0.1:3000
SESSION_DOMAIN=127.0.0.1

I've also put the $middleware->statefulApi(); in my bootstrap/app.php and 'supports_credentials' => true, in my cors.php

But Still, when I send a request to any route in api.php like this:

Route::get('/user', action: function () {
})->middleware('auth:sanctum');

I get the unauthenticated message: {"message": "Unauthenticated."}

though the same route is working correctly in web.php, so I'm authenticated for web.php routes but not for api.php routes, is there something that I forgot to do here that api routes aren't getting session based auth or is it a different problem?

all similar questions seems to have outdated answers.

Glukinho

8 months ago

Best Answer

Level 31

It was discussed a week ago, SANCTUM_STATEFUL_DOMAINS should have host:port, not http://host:port

Try to set:

SANCTUM_STATEFUL_DOMAINS=127.0.0.1:3000

Ahmad-Ahmad

8 months ago

Level 1

@Glukinho I didn't see that! thanks a lot!

Please or to participate in this conversation.