auth("sanctum")->check() returns true if authenticated with session

Hi, I'm using SPA session authentication in laravel as well as generating tokens for the user's using laravel sanctum. now I want to check if the request is authenticated using authorization bearer token or is it authenticated using SPA session. I tried this

auth("sanctum")->check();

and it returns true if logged in with SPA which should return false as I'm trying to check if its logged in with the token and not the session.

puklipo

1 year ago

Level 9

Answer based on speculation.

use Laravel\Sanctum\TransientToken;
use Laravel\Sanctum\PersonalAccessToken;

$token = $user->currentAccessToken();

if($token instanceof TransientToken) {
    // SPA
}

if($token instanceof PersonalAccessToken) {
    // api token
}

1 like

iftekhs

1 year ago

Level 13

@puklipo Thanks! but apparently the currentAccessToken gives you the token back only if you are logged in using API token and it does not return anything if authenticated using SPA session. So I'm only checking if the token is present if it is then counting it as a API request.

MohamedTammam

1 year ago

Level 51

if(auth()->check() && request()->hasSession()) { // User is logged in with session based authentication.

}

1 like

Please or to participate in this conversation.