MuhannedNoman
commented
1 day ago Laravel Sanctum have a built in support for tokens so why not use that and manage users on Nextjs through the token instead of sessions.
Open HanaAlhemyari opened 1 day ago
MuhannedNoman
commented
1 day ago Laravel Sanctum have a built in support for tokens so why not use that and manage users on Nextjs through the token instead of sessions.
AhmadHRai
commented
1 day ago Laravel Sanctum supports SPA authentication via cookies, we can integrate JWT for API authentication
$user = User::find(1);
$token = $user->createToken('YourAppName')->plainTextToken;On the Next.js side, we can store the JWT in localStorage or sessionStorage and send it in the Authorization header for subsequent requests:
fetch('/api/endpoint', {
method: 'GET',
headers: {
'Authorization': `Bearer ${jwtToken}`,
},
});
Description We are currently facing challenges with integrating Laravel Sanctum authentication into our Next.js application. Below is a detailed summary of the problem and the areas that need further clarification or solutions.
Current Setup Laravel Sanctum for Authentication:
We are using Laravel Sanctum to handle authentication. The authentication relies on cookies instead of local storage to maintain security. Cookies are set with the HttpOnly attribute enabled, making them inaccessible from the client side. Configuration settings are stored securely using environment variables (env). CSRF Token Management:
To secure our requests, we are handling CSRF (Cross-Site Request Forgery) tokens separately. This token management is organized in a component or service within our Next.js app to streamline the process. Integration with Next.js:
We are trying to combine Server-Side Rendering (SSR) in Next.js with Laravel Sanctum for authentication. The application follows a Single Page Application (SPA) structure, relying heavily on APIs to communicate with the backend. JWT Consideration:
We are exploring the option of switching to JWT (JSON Web Tokens) for authentication as an alternative to the current Sanctum setup. This consideration is still under review. Challenges Encountered Cookie Handling & Cross-Origin Authentication:
We're facing compatibility issues between Laravel Sanctum and Next.js when dealing with cookies across different origins (CORS). Ensuring that cookies are properly set, accessible, and managed during SSR requests has been challenging. CSRF Token Handling:
Managing CSRF tokens efficiently without adding complexity to the system is another key challenge. We need a streamlined approach that secures requests without causing additional development overhead. SPA & SSR Compatibility:
Balancing both SPA and SSR behavior is proving difficult. The goal is to maintain a smooth user experience while ensuring secure and consistent authentication states across both client-side and server-side. Expected Outcome We are looking for suggestions or solutions to:
Properly manage cookies and authentication across SSR and SPA contexts. Streamline the CSRF token management process. Assess the feasibility of using JWT instead of Laravel Sanctum for our setup. Any guidance, code examples, or best practices are highly appreciated!
Feel free to use this description as an Issue on GitHub to initiate a discussion with your team or get feedback from the community!