Laravel API requests from AngularJS with login&csrf tokens implementation

Hi.

I'm kinda new to the world of laravel but I got the basic idea of it. So I decided to design an app that will use the laravel as a backend API while the front end will be implemented in AngularJS.

I will try to describe a simple app in order to make clear my question. So, imagine an app that one can use it both as a guest and a registered user. The app will allow the user to upload some files to the server and make some analysis on them using the API. The difference between a guest and a registered user would be that the files of the latter one will be kept to the server.

In that simple app, there will be a login form as well as a form to upload a file. Since I'm gonna use angular JS for the front-end I'm wondering which is the best way to handle users' sessions (e.g on login and the other API calls) and also if there is possible to use in the forms csrf tokens (e.g while uploading the file)

I've looked at the Json Web Token Implementation for the login but I would like to see if there are any better alternative approaches.

Any idea or online resources will be welcomed.

Thank you.

campo

7 years ago

Level 7

One way that I usually reach for (if you're not building an SPA) is to use Laravel's baked in authentication, and then use https://laravel.com/docs/5.7/passport to consume your API. See https://laravel.com/docs/5.7/passport#consuming-your-api-with-javascript. Passport does all the work.

"This Passport middleware will attach a laravel_token cookie to your outgoing responses. This cookie contains an encrypted JWT that Passport will use to authenticate API requests from your JavaScript application. Now, you may make requests to your application's API without explicitly passing an access token"

Please or to participate in this conversation.