Vue SPA in Laravel 8 with Homestead

I build a full API and want to consume it with Laravel Sanctum in a Vue App. I build the API first, because later there will be a mobile app. Problem is that I need the same domains for SPAs with Sanctum. In the past I did all laravel stuff on homestead and do npm serve on my normal system. Now I need both on homestead... What is the best (or normal) way to do this?

Use Jetstream with Inertia? => But i dont want tailwind. And i (i think) dont need the mix of blade and Vue.
Do it with npm install vue and webpack directly in Laravel
Do another directory in homestad and create SPA there?
... something else?

thx

Pixelairport

5 years ago

Level 12

Ok, I think I will do it a way, I tried to avoid and put the Vue stuff into my main project. I also found this (which I will watch tomorrow): https://laracasts.com/series/laravel-vue-and-spas ... Maybe it helps. But I have a last question. The Laravel docu says:

"For this feature, Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services. This provides the benefits of CSRF protection, session authentication, as well as protects against leakage of the authentication credentials via XSS. Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend."

Is token based not secure? I mean when I login and save the token in vuex store... Is this not a normal way? Docu says it is more secure, but not say what is not secure, when I do it with a token.

Please or to participate in this conversation.