Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mark_kcc's avatar

Laravel 8 JWT API and normal login

HI I have an app that has a login page and end points for API. I am using tymon/jwt-auth for the API auth but cannot get both the login page to and API at the same time. In the config/auth.php settings the defaults/guard to web and allows me to login to the site but kills the API requests and setting it to api allows the api but not the login. I'm sure it's a routing issue but cannot figure it out.

I have a http/controllers/API/contollers AuthController and http/controllers/HomeController.

The API route:

Route::get('/auth', [AuthController::class, 'auth']);

Route::middleware('auth:api')->group(function () { Route::resource('buildings', BuildingController::class); });

The WEB route:

Route::get('/', function () { return view('auth.login'); });

Auth::routes([ 'register' => false, 'reset' => false, 'verify' => false, ]);

Route::get('/buildings-index', [HomeController::class, 'buildings'])->name('buildings-index');

Cheers

0 likes
10 replies
CorvS's avatar

@mark_kcc Just to be sure, but your API routes are inside api.php and your web routes inside web.php?

CorvS's avatar

@mark_kcc Okay and how exactly do you send a request to your API's login endpoint? Can you give an example?

CorvS's avatar

@mark_kcc Okay, first of all you are sending the email and password as query parameters, don't do that please. Put them inside the request body (using POST) and change your route accordingly:

Route::post('/auth', [AuthController::class, 'auth']);

What does your auth function look like?

mark_kcc's avatar

Unfortunately I have to use the GET method as this is a rewrite for an existing app which is used by many legacy applications

CorvS's avatar

@mark_kcc Okay, back to your problem. What does your auth function look like? And what is the status code of your API request anyway?

mark_kcc's avatar

public function auth() { $credentials = request(['email', 'password']);

  if (!$token = auth()->attempt($credentials)) {
        return response()->json(['error' => 'could_not_create_token'], 401);
  }

  return response()->json(['token' => $token], 200);

}

When the api works I get the token when it's not working I get:

{ "token": true }

Please or to participate in this conversation.