
davidmarsmalow's avatar

Laravel Sanctum auth:sanctum error Allowed memory size of 536870912 bytes exhausted

So I am using Laravel Sanctum on this version

  • Laravel 11.28
  • Sanctum 4.0.3
  • PHP 8.3.9

I created an API route for login just to create a token using createToken(), and the process is working just fine, with the access token successfully stored in the personal_access_token in my database. I have configured the Sanctum config just as explained in the Laravel Sanctum Documentation, where:

config/sanctum.php

'guard' => ['api'],

config/auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'users',
    ],
],

routes/api.php

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Route::get('/user', function (Request $request) {
    return $request->user();
})->middleware('auth:sanctum');

Route::post('/login', function (Request $request) {
    $credentials = $request->only('email', 'password');

    if (! Auth::attempt($credentials)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    $user = Auth::user();
    $token = $user->createToken('login-token')->plainTextToken;

    return response()->json(['token' => $token]);
});

and when I hit /api/user with any request (even an empty request) it shows an HTTP 500 Laravel error of Allowed memory size of 536870912 bytes exhausted (tried to allocate 60821504 bytes). I have tried adjusting the memory limit to use more memory, but it keeps getting the same error, so I am wondering whether it is something like an infinite loop somewhere. I have tried removing the middleware auth:sanctum and it is working just fine.

I tried to revert the guard in config/sanctum.php to web, and it is working when I pass the created token in the Bearer (Positive Case Testing), but when the auth is incorrect I am getting the page redirected to login, where I don't have the routes, and it shows a Laravel error of Route [login] not defined.

I do want to use the api guard in config/sanctum.php, but the error seems so random to me and I can't find what is wrong even with such simple code. And the web guard seems not suitable for my case, where I need the API response just to respond with something like an Unauthorized message and not redirect to a login page like web routes would do.

Do you have any suggestion on where my code is incorrect? Or just ask if you want me to provide something more in code.

0 likes
7 replies
jlrdw's avatar

When you made configuration changes, did you restart the server?

davidmarsmalow's avatar

@jlrdw Yes, I did restart the server, like changing the memory limit in php.ini and then restarting the web server (I use Laragon Apache, so I restart all services including Apache, MySQL, and also Redis). I tried using ini_set to alter the memory limit. And I tried running:

php artisan optimize
php artisan config:clear
php artisan route:clear

davidmarsmalow's avatar

@JussiMannisto Thanks for the suggestion. I frequently wondered why my application in local development sometimes requires running php artisan route:clear or php artisan config:clear every time I make changes to these files. It turns out it is because I run php artisan optimize and it caches every setting in the application, and as of Laravel 5.5 it is no longer needed.

davidmarsmalow's avatar

@puklipo Thanks for your reply. Are you saying that I don't need to change the config guard from web to api and can just leave config/sanctum.php as it is? Then my problem would be as I mentioned earlier: when using the web guard, I am getting what I expect from the code below, where it returns the user data (positive case testing, where I enter a correct Bearer token from createToken('login-token')->plainTextToken)

Route::get('/user', function (Request $request) {
    return $request->user();
})->middleware('auth:sanctum');

but the next problem is that when I pass a wrong token like asdf as the Bearer token, the error is Route [login] not defined, where I expect an error message of something like Unauthorized. Do you have any idea how to get what I expect?

Here is the curl of what my request looks like, with the Authorization token set to an incorrect value (asdf):

curl --location --request GET 'http://127.0.0.1:8000/api/user' \
--header 'Content-Type: application/json' \
--header 'Authorization: ••••••' \
--data-raw '{
    "email": "[email protected]"
}'

b-Istiak-s's avatar

Set the guard key (in sanctum.php) to an empty array to prevent Sanctum from checking any guards that might trigger recursion:

'guard' => [], // Remove ['api'] entirely

Why This Works:

Sanctum's guard Configuration: The guard array in sanctum.php defines which guards Sanctum should check in addition to token authentication. By setting it to an empty array, you tell Sanctum not to check any session-based guards (like web), avoiding recursion.

Token-Driven Authentication: The api guard uses Sanctum as its driver, so token validation happens directly without needing to reference other guards. This breaks the infinite loop.

Credit: Deepseek

1 like
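
The loop discussed in this thread, as an added PHP sketch that is not part of any post and is not Sanctum's own code. It assumes a simplified model in which the sanctum driver asks each guard named in sanctum.guard for a user before falling back to the bearer token; the function names and the depth cap are hypothetical.

```php
<?php
// Added illustration: a simplified model, not Laravel Sanctum's source.
// Assumption: the 'sanctum' driver first asks every guard named in
// sanctum.guard for a user, then falls back to the bearer token.

// Constructed sample config mirroring config/auth.php from the question.
$authGuards = [
    'web' => ['driver' => 'session', 'provider' => 'users'],
    'api' => ['driver' => 'sanctum', 'provider' => 'users'],
];

/** Names in sanctum.guard that resolve back to the sanctum driver. */
function recursiveSanctumGuards(array $authGuards, array|string $sanctumGuard): array
{
    return array_values(array_filter(
        (array) $sanctumGuard,
        fn (string $name) => ($authGuards[$name]['driver'] ?? null) === 'sanctum'
    ));
}

/** Walk the guard chain as the model describes, with a hypothetical depth cap. */
function resolveUser(string $guard, array $authGuards, array $sanctumGuard, ?string $token, int $depth = 0): string
{
    if ($depth > 25) {
        throw new RuntimeException("guard '$guard' re-entered itself; uncapped, this recurses until memory runs out");
    }
    if ($authGuards[$guard]['driver'] === 'session') {
        return 'no session user';            // stateless API call: nothing in the session
    }
    foreach ($sanctumGuard as $inner) {      // sanctum driver: consult the listed guards first
        $result = resolveUser($inner, $authGuards, $sanctumGuard, $token, $depth + 1);
        if ($result !== 'no session user') {
            return $result;
        }
    }
    return $token === null ? 'unauthenticated' : "token lookup for '$token'";
}

// Try the three sanctum.guard values that appear in the thread.
foreach ([['api'], ['web'], []] as $sanctumGuard) {
    $label = json_encode($sanctumGuard);
    $flagged = json_encode(recursiveSanctumGuards($authGuards, $sanctumGuard));
    try {
        echo "$label flagged=$flagged -> " . resolveUser('api', $authGuards, $sanctumGuard, 'asdf') . PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$label flagged=$flagged -> " . $e->getMessage() . PHP_EOL;
    }
}
```

Running recursiveSanctumGuards() against the real config arrays works as a pre-deploy check: any non-empty result means a guard listed in sanctum.guard points back at the sanctum driver.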
