I am using Laravel 5.8 and Passport 7.3.
I am using Passport with https://laravel.com/docs/5.8/passport#password-grant-tokens, strictly. I am not using any of the OAuth features at all.
The setup I want is to make an API request from an SPA on domain.com to my Laravel instance on api.domain.com using cookies.
I have managed to get this working (but not in the way I want), to prove my setup is working end to end.
When you hit `api/auth/login`, I authenticate the User and return a cookie that contains:

```php
$token = $user->createToken('MyApp')->accessToken;
```
I am using NextJS for the front-end, which allows me to get the cookie from the headers sent to my Express server that is being used to run NextJS. I then pass this to my React component, which sends it off in the `Authorization: Bearer` header.
Using this method I can pass `->middleware('auth:api')`.
Now, I want to change from `Authorization: Bearer` to just passing the secure, httpOnly cookies they already have stored, so I can make API calls from the client.
The docs talked about passing the `Authorization: Bearer` header, but do not mention cookies. https://laravel.com/docs/5.8/passport#protecting-routes
How do I make it so my API routes read the cookies sent, and have the authorization check against that, instead of `Authorization: Bearer` when using
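
One way to let `auth:api` validate a token that arrives in a cookie, as an added example that is not part of the original post and not Laravel's or Passport's own code: a middleware that copies the cookie value into the `Authorization` header before the guard runs. The class name `BearerTokenFromCookie`, the alias `cookie.token` and the cookie name `access_token` are hypothetical, and the cookie is assumed to hold the raw access token, unencrypted.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Hypothetical middleware (not part of Laravel or Passport): copies the access
// token from a cookie into the Authorization header so that the unchanged
// auth:api guard can validate it.
class BearerTokenFromCookie
{
    // Assumed cookie name; use whatever name the login route sets.
    const COOKIE_NAME = 'access_token';

    public function handle($request, Closure $next)
    {
        // An explicit Authorization header wins, so non-browser clients keep working.
        if ($request->bearerToken() === null) {
            $token = $request->cookie(self::COOKIE_NAME);

            // Ignore missing or array-valued cookies; auth:api then answers 401 as usual.
            if (is_string($token) && $token !== '') {
                $request->headers->set('Authorization', 'Bearer ' . $token);
            }
        }

        return $next($request);
    }
}

// Constructed usage: register the class in app/Http/Kernel.php $routeMiddleware
// as 'cookie.token' and list it before auth:api:
//
//   Route::middleware(['cookie.token', 'auth:api'])->get('/user', function ($request) {
//       return $request->user();
//   });
```

Because the browser attaches the cookie automatically, routes authenticated this way need a CSRF defence such as a SameSite cookie attribute or a request token. Cross-origin calls from domain.com also need the client to send credentials and api.domain.com to allow them in its CORS response.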