Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

SkyeEwers's avatar

Passport JWT Auth: Setting larvel_token via AJAX GET

Hey Laravel Community!

I'm having a problem with using Laravel Passport's integrated feature for using my API with JS on my on page.

What I'm trying to do, is build a Vue Single-Page-Application that handles everything, including the login process, in JS by sending axios requests. I have so far managed to log myself in by posting my credentials to a custom /login route (in my web routes group) and then checking the data and logging the user in with the standard Auth:: facade. However, I now seem to have stumbled over an interesting problem:

When the /login request returns successfully, I send a GET-request to a /laravelToken route (also in my web-route-group) like so:

axios.get('/laravelToken').then(......)

While the class, responsible for sending the response, looks like so:

class WebAppTokenController extends Controller
{

    /**
     * WebAppTokenController constructor.
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     * Returns a simple 200 message
     * This route is simply used to set the laravel_token cookie on our client
     * This makes authenticated API-Requests possible without page-reload
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function laravelToken()
    {
        return(response()->json([
            'code' => 200,
            'message' => 'TokenShouldBeSet'
        ]));
    }
}

As you can see, the route checks for proper authentication, then returns a simple message. And since I have this in my Kernel.php:

protected $middlewareGroups = [
        'web' => [
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ....
        ],

I would expect that the response to that /laravelToken request would set the laravel_token cookie required for using my API routes within my JavaScript. The problem is: That does not happen. Not at all. The response contains my simple 200 message and also updates my xsrf-token and laravel_session cookies, but it does not set the laravel_token (I have checked in Chrome's Web Inspector to see that the set-cookie response header is not actually being sent).

Question is: What am I doing wrong here and how can I fix it.

Any input would be greatly appreciated.

0 likes
2 replies
Xation's avatar

I try to doing exactly the same thing. Actually I need to reload the page after the ajax login to get the laravel_token.

You find a solution ?

badrobot1's avatar

laravel_token cookie is http only (you can not get it from js)

Please or to participate in this conversation.