Level 51
No, you just need to send the CSRF with your Javascript request as long as you're sending it from the same app domain.
Nov 28, 2022
7
Level 1
Authenticate user for both standard and SPA pages
Hello,
I use Inertia with Svelte to build my app and I manually authenticate users (https://laravel.com/docs/9.x/authentication#authenticating-users), which works for all the pages except for modal dialogs where I use JS fetch to get data from the API routes (with fetch Auth::user() is NULL). I looked up SPA authentication and it seems like I need to use Sanctum to authenticate API calls. Does it mean the user needs to authenticate twice, once the standard way, and another for AJAX calls. Can I have the single login form for both? Can you please point me in the right direction? Thanks!
Level 1
@MohamedTammam Can you please point me to a documentation page with more details on how to do it? Thanks!
Level 51
Level 1
@MohamedTammam Awesome! This is exactly what I was missing. Thank you very much for the great response.
Level 51
@ishunko Glad that helped. Please mark the thread as solved.
Level 1
@MohamedTammam One more question. This seems to work on web routes. Is there a trick to make it work with API routes too? Or is it ok to use web routes as AJAX endpoints?
Level 51
@ishunko the different between API and Web routes are the middleware. So it depends on how you're building your app.
1 like
Please or to participate in this conversation.