Blindacme's avatar

Best way to authenticate users in Chrome extension

Developing a Chrome extension for my Laravel web app and I am wondering what the best way to authenticate a user in the extension is? Should I have a login form on my extension and post that to something like ApiController > Login method where I check their login and return a JSON object with their token?

Has anyone else accomplished anything like this? Here is some documentation on Google Chrome Extensions for manual authentication: https://developer.chrome.com/apps/app_identity#non

I'm just not sure if I should be using something like Passport and have the user plug in their Client ID and token or if I can simply have a login form and store their CSRF token in the storage of the extension so I can make AJAX calls to the API.

Just a push in the right direction is all I need :)

bobbybouwmann's avatar

I would probably use an AJAX call and return a JWT token which can be used for the API in the background. To make it safer you let tokens expire or auto-refresh themselves.

In Laravel by default the CSRF is disabled for the api routes. It's only enabled for the web routes.
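
The flow suggested in the reply above (log in once, keep only an expiring JWT, refresh it before it lapses), as an added example that is not part of the original thread or of Laravel itself. The `/api/login` and `/api/refresh` paths, the `{"token": ...}` response shape, and the `TokenClient` and `jwtExpiry` names are assumptions; `fetchFn` and `store` are injected so the code runs offline.

```javascript
// Added example. Hypothetical: /api/login, /api/refresh, {"token": ...} response shape.

// Read the exp claim (seconds since epoch) from a JWT. This does not verify the
// signature; the server does that. The client only uses exp to schedule refresh.
function jwtExpiry(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 = b64.padEnd(Math.ceil(b64.length / 4) * 4, '=');
  const { exp } = JSON.parse(atob(b64));
  if (typeof exp !== 'number') throw new Error('JWT has no exp claim');
  return exp;
}

class TokenClient {
  // fetchFn and store are injected. In the extension's background script they
  // would be fetch and a small wrapper over chrome.storage.session.
  constructor({ baseUrl, fetchFn, store, now = () => Date.now() / 1000, skew = 30 }) {
    Object.assign(this, { baseUrl, fetchFn, store, now, skew });
  }

  async #post(path, body, token) {
    const headers = { 'Content-Type': 'application/json', Accept: 'application/json' };
    if (token) headers.Authorization = `Bearer ${token}`;
    const res = await this.fetchFn(this.baseUrl + path,
      { method: 'POST', headers, body: JSON.stringify(body) });
    if (!res.ok) throw new Error(`auth request failed: ${res.status}`);
    const { token: fresh } = await res.json();
    await this.store.set({ token: fresh, exp: jwtExpiry(fresh) });
    return fresh;
  }

  // The password is sent once and never stored; only the expiring token is kept.
  login(email, password) { return this.#post('/api/login', { email, password }); }

  // Return a usable token, refreshing it when it is within `skew` seconds of expiry.
  async getToken() {
    const { token, exp } = await this.store.get();
    if (!token) throw new Error('not logged in');
    if (exp - this.now() > this.skew) return token;
    try { return await this.#post('/api/refresh', {}, token); }
    catch (e) { await this.store.set({}); throw e; } // refresh rejected: require a new login
  }

  async apiFetch(path, init = {}) {
    const auth = `Bearer ${await this.getToken()}`;
    const headers = { ...init.headers, Accept: 'application/json', Authorization: auth };
    return this.fetchFn(this.baseUrl + path, { ...init, headers });
  }
}
```

When the refresh call is rejected, the stored token is cleared so the extension falls back to showing its login form instead of retrying with a dead token.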
