Level 80
@marouanaf Use Sanctum. It was literally created for this scenario.
1 like
May 12, 2021
4
Level 2
Laravel Authentication with Vue JS on the frontend
Hi All,
I have a question regarding an application that I'm working on currently, I'm using Laravel (V6) on the backend and Vue js (V2) on the front end, my question is about the authentication, I'm using the default authentication provided by Laravel (please see my auth.php file below), my routes are on web.php and I also put
Route::get('/{any}', "HomeController@index")->where('any', '.*')->middleware('auth');;
I'm using a Vue router, so the only thing I used Laravel Blade for is the login page and the master page (layouts) that contains my SPA, so is that OK and totally secure? or should I implement the login also as a Vue component and use a driver like Sanctum to implement the login?
I don't know if my questions are clear but please correct me and guide me to an article if I mentioned anything irrelevant.
<?php
use App\User;
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
],
];
Thank you in advance!
Level 2
Thank you @martinbean for your quick response, would you please explain to me why it's best for this situation and whether I'm forced to change to Sanctum and build a login Vue component or it's secure to let it as it is currently, the most important to me right now is the security of my app and also not to change to something that may take me extra time but without a real benefit? Thanks in advance
Level 80
@marouanaf It’s covered by the docs: https://laravel.com/docs/8.x/sanctum#spa-authentication
3 likes
Level 2
I Will check that, Thanks @martinbean
Please or to participate in this conversation.