Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hey guys, Im currently building a Vue app, where most of my data fetching and updating is through Ajax. Authentication is through Ajax as well, and it's set up like normal Laravel authentication, just with Ajax, using web.php routes and not api.php.
I have a few GET requests that are available to the public, but most of my requests are through POST and only go through, if the user is authenticated.
So my question is, do I really need Laravel Passport (OAuth2.0) in this case? Is my app not secure because of the way it is implemented now?
Thanks in advance!
If the user is authenticated, then you are fine as long as the authentication is done properly. You shouldn't need to use Passport as a second method of authentication. One is enough. In short, if you had structured your app differently with Laravel as an API and a separate front-end then Passport and CORS would be necessary.
Please or to participate in this conversation.