I've got a fresh install of Laravel 7.1 with Sanctum 2.0 running at api.domain.test and a fresh install of a Vue CLI frontend at app.domain.test.
I'm able to retrieve the CSRF cookie from the
/sanctum/csrf-cookie route and Axios is setting the
X-XSRF-TOKEN header when making a request to the
/login route, but the
VerifyCsrfToken middleware is throwing a
DecriptionException stating that the MAC is invalid.
I tested the app's ability to encrypt and decrypt via Tinker, which works as expected. I didn't find much searching.
This seems to be a common issue when people are swapping the
APP_KEY, after encrypting data, but that isn't the issue here.
Any suggestions on what I should be looking for here?