Mrtvac's avatar

Laravel Fortify + Sanctum + SPA (VueJS/ViteJS)

Hi,

Not sure if this is expected behaviour or a bug, but you can replicate it easily with Postman.

I have Laravel 10, Fortify and Sanctum set up as a backend API, and on the frontend I'm using an SPA built with VueJS/ViteJS.

I have a login form which works fine (sending a GET request to /sanctum/csrf-cookie and then a POST to /login), and Laravel sends back JSON with {two_factor}, which is expected.

However, I've noticed that if a logged-in user tries to log in again, instead of sending JSON back, Laravel redirects to the home page, and I believe this is because the /login route is guarded by the "guest" guard, which says: if already authenticated, redirect (RedirectIfAuthenticated.php middleware).

Is this expected behaviour? Should Laravel, in this case because it's an XHR request, return 200 rather than 319 Redirect?

The idea is to check the request in RedirectIfAuthenticated and, if $request->wantsJson(), return response()->json() instead of redirect(RouteServiceProvider::HOME).

What are your thoughts on this?

0 likes
6 replies
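
One way to implement the check proposed in the post above, as an added example that is not part of the original thread and not Laravel's shipped code. It assumes the Laravel 10 application skeleton (app/Http/Middleware/RedirectIfAuthenticated.php and RouteServiceProvider::HOME); the `already_authenticated` key and the 200 status are illustrative choices.

```php
<?php

namespace App\Http\Middleware;

use App\Providers\RouteServiceProvider;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

class RedirectIfAuthenticated
{
    /**
     * Runs through the "guest" middleware alias, i.e. before the login
     * controller, so the submitted credentials are never checked here.
     */
    public function handle(Request $request, Closure $next, string ...$guards): Response
    {
        $guards = empty($guards) ? [null] : $guards;

        foreach ($guards as $guard) {
            if (! Auth::guard($guard)->check()) {
                continue;
            }

            // Clients that ask for JSON (Accept: application/json) get a JSON
            // body instead of a redirect to a page route.
            if ($request->wantsJson()) {
                // Hypothetical payload: it carries no user data and is kept
                // distinct from Fortify's {two_factor} login response so the
                // SPA cannot mistake it for a fresh, successful login.
                return response()->json(['already_authenticated' => true], 200);
            }

            // Browser navigation keeps the stock redirect.
            return redirect(RouteServiceProvider::HOME);
        }

        return $next($request);
    }
}
```

Because the middleware short-circuits before Fortify's login action, this response says nothing about whether the posted credentials were valid. The SPA should read it as "a session already exists" and not as confirmation of the credentials it just sent.
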
vincent15000's avatar

Do you mean: when the user tries to log in or when the user tries to load the login view?

I don't have this behavior, but you can try this.

As you are using Laravel only for the API, you can deactivate the views in the Fortify configuration file; it should probably (but not sure) solve your problem.

'views' => false,

But why don't you redirect the logged-in user directly from the frontend? You can define some navigation guards for this.

https://router.vuejs.org/guide/advanced/navigation-guards.html

Mrtvac's avatar

@vincent15000 This is not "normal" behaviour on the front-end, because once the user is logged in you won't show them the login form again.

I was just testing something during development and noticed this behaviour, which happens if a logged-in user tries to log in again (so basically sending another POST request to /login once the user is logged in).

In regards to that setting "views" => false, I already have that set.

Cheers.

1 like
Shujaat's avatar

I'm seeing exactly the same behavior with Laravel 11, Sanctum and Fortify. I was just testing my API in Thunder Client. If a user gets authenticated once, any subsequent calls to the login endpoint end up redirecting to the web root, which throws a 405 Method Not Found error, which is expected since there is no POST method on the "/" route. Laravel should simply skip redirection in case of XHR calls.

1 like
captjay98's avatar

Have you found a workaround for Laravel 11, please? I used to make changes to the RouteServiceProvider in Laravel 10 to counteract the behaviour.

1 like
vincent15000's avatar

@captjay98 You don't need to change the RouteServiceProvider to avoid redirection. You just have to specify that there is no view in the Fortify configuration file.

Mrtvac's avatar

@captjay98 I've resolved this by doing some extra checks in the front-end app. If the user is logged in and tries to reach /login, I redirect them back to the logged-in user homepage.
