Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm wondering if anyone can give any tips or advice on the best approach for tackling a rather complicated, and frustrating issue I am having.
I've started working at a new company and we're in the midst of migrating all our frontend over to Nuxt & Vue, but given the scale of the project we need to do this incrementally. I've started the work, and all seems to be going well except for authenticating a user between Nuxt & Laravel.
I'm using JWT / Bearer Tokens for the Nuxt authentication, and they're using Laravel Sessions (Auth::attempt()) for their old stuff.
My Nuxt project is working fine, I'm able to authenticate using login credentials on the old code base, and I am able to make requests to their API, but the problem I face is a lot of their Controllers aren't accessible as an API, and so rather than re-writing it all right now (albeit that is the plan), I need a rather sleek way of authenticating a user for both the api & web routes at the same time.
I've considered a few options such as storing the authenticated user in Redis, passing session data in the API responses to the login, but I really want to know if anyone here has experience with something similar and has a sleek and nice way on conceptually doing this?
I unfortunately can't provide much code, but if there is something specific you wish to see I may be able to refactor for demonstration purposes.
I appreciate the help any of you could provide. I'm pulling my hair out here.
Is there a special reason why you need to use JWT tokens for authentication ? Maybe Laravel's built-in cookie based session authentication is enough. Take a look how Laravel Sanctum approaches the matter https://laravel.com/docs/7.x/sanctum#spa-authentication
The long-term plan is to rebuild our current code base as an all powerful API that can serve multiple frontend applications, but I'll certainly take a look at Sanctum, but does this allow for the authorisation between Web & Api routes?
I see a lot of Api discussion on Sanctum, and not a lot of Web.
It's pretty much because I've used JWT & Nuxt for a while now and it's what I am most comfortable with.
Please or to participate in this conversation.