Level 75
If your routes for api starts with api then you can check it
$request->is('api/*')
But you can set parameters for multiple guards
auth:api,sanctum
And just check in controllers where a request is coming from.
1 like
Aug 26, 2020
1
Level 1
Can we use laravel sanctum for frontend and laravel passport for api authentication
I have a laravel api backend which uses passport package to generate access_tokens. That access token is used in android and ios app for api request authentication.
I am building a front-end web app in which i want to use sanctum package for spa authentication.
I want to use passport for token authentication and sanctum for spa authentication on same set of api calls.
My issue is that how can I use both middlewares (auth:sanctum & auth:api) in same set of api calls?
One way I found is that define separate routes for both middlewares. In that case api end points will be different.
For iOS/Android
Route::group(['middleware' => ['auth:api', 'verified']], function(){
Route::get('device/logout', 'Api\AuthenticateController@logout');
Route::get('device/users', 'Api\UsersController@index');
Route::get('device/users/avatar', 'Api\UsersController@download');
});
For SPA
Route::group(['middleware' => ['auth:sanctum', 'verified']], function(){
Route::get('spa/logout', 'Api\AuthenticateController@logout');
Route::get('spa/users', 'Api\UsersController@index');
Route::get('spa/users/avatar', 'Api\UsersController@download');
});
Is there any possibility to add middleware dynamically? Like
#Route
Route::group(['middleware' => ['check_auth', 'verified']], function(){
Route::get('logout', 'Api\AuthenticateController@logout');
Route::get('users', 'Api\UsersController@index');
Route::get('users/avatar', 'Api\UsersController@download');
})
#check_auth middleware
public function handle($request, Closure $next) {
// If request from spa
$request->route()->middleware(`auth:sanctum`);
else
$request->route()->middleware(`auth:api`);
return $next($request);
}
Please or to participate in this conversation.