manchenkoff / nuxt-auth-sanctum

Nuxt module for Laravel Sanctum authentication
https://manchenkoff.gitbook.io/nuxt-auth-sanctum/
MIT License

403 Forbidden #31

Closed WanyoikeJ closed 4 months ago

WanyoikeJ commented 4 months ago

Hi,

I have been using this package and it works so well on localhost. So I decided to simulate a production server and served my Laravel app on domain.test; my client is also running on domain.test:3000.

I have set my Laravel env config like this:

SESSION_DRIVER=file
SESSION_LIFETIME=120
SESSION_DOMAIN='domain.test'

and my Nuxt 3 client is also running on the same domain using this config:

devServer: {
    port: 3000,
    host: "domain.test",
}

All unauthenticated endpoints are working just fine, but when I log in and http://domain.test/api/user is called, I get the error: 403 Forbidden,

yet I had a successful login.

Kindly assist.

manchenkoff commented 4 months ago

Hey @WanyoikeJ, have you checked this docs page to make sure that everything is configured correctly?

Also, when we have authentication issues we usually get a 401 error instead, 403 looks like backend misconfiguration. Could you share some examples of request / response? For instance, CSRF token retrieval requests and some secured endpoints.

WanyoikeJ commented 4 months ago

My apologies, the error code is 401.

Here is my client config:

sanctum: {
    baseUrl: process.env.API_BASE_URL, // Laravel API
    origin: process.env.CLIENT_BASE_URL, // Nuxt app
    redirect: {
        keepRequestedRoute: false, // Keep requested route in the URL for later redirect
        // onLogin: false, // Redirect to this page after successful login
        onLogin: "/", // Redirect to this page after successful login
        onLogout: "/auth/login", // Redirect to this page after successful logout
        onAuthOnly: "/auth/login", // Redirect to this page if user is not authenticated
        onGuestOnly: "/", // Redirect to this page if user is authenticated
    },
    endpoints: {
        csrf: 'http://startup.test/sanctum/csrf-cookie', // CSRF cookie endpoint
        login: 'http://startup.test/login', // Endpoint that accepts user credentials
        logout: 'http://startup.test/logout', // Endpoint to destroy the current session
        user: 'http://startup.test/api/user', // Endpoint that returns current user information
    },
},

My cors.php config for allowing requests to the backend looks like this:

'allowed_origins' => [env('FRONTEND_URL', 'http://startup.test:3000')],

In my Laravel application, I have this endpoint that gets the user details:

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// routes/api.php: only reachable with a valid Sanctum session or token
Route::middleware(['auth:sanctum'])->get('/user', function (Request $request) {
    return $request->user();
});

and so when this endpoint is called, I get the 401 Authorization Exception.

I am also getting the CSRF token using this endpoint, and it's responding with a status code of 204, which is just fine:

http://startup.test/sanctum/csrf-cookie

WanyoikeJ commented 4 months ago

Hi, I think I figured it out; I was missing SANCTUM_STATEFUL_DOMAINS.

Thanks so much for the assistance.

manchenkoff commented 4 months ago

You're welcome! 😊
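The fix WanyoikeJ found above, worked through as an added example. This is not code from the nuxt-auth-sanctum module or from Laravel Sanctum; it is a small standalone reimplementation of the check Sanctum's EnsureFrontendRequestsAreStateful middleware performs on the Referer/Origin header, so the 401 from this thread can be reproduced without a running Laravel app. The request headers are constructed to match the Nuxt dev server in the thread, and the "default" list assumes SANCTUM_STATEFUL_DOMAINS is unset and APP_URL is http://startup.test (Sanctum appends the APP_URL host, without the frontend's port, to its localhost defaults).

```php
<?php
// Standalone model of Sanctum's "is this request from a stateful frontend?" check.
// Not Sanctum's code: it mirrors the Referer/Origin matching against the
// sanctum.stateful list. If the request is not stateful, the session cookie is
// never consulted and auth:sanctum falls back to bearer tokens, hence a 401
// right after a "successful" cookie-based login.

declare(strict_types=1);

/** Turn a SANCTUM_STATEFUL_DOMAINS-style CSV into the list Sanctum matches against. */
function statefulDomains(string $csv): array
{
    return array_values(array_filter(array_map('trim', explode(',', $csv))));
}

/**
 * Sanctum takes the Referer (falling back to Origin), strips the scheme,
 * makes sure it ends in "/" and matches it against each stateful entry used
 * as the wildcard pattern "<entry>/*". Note that host AND port must match.
 */
function isStatefulRequest(array $headers, array $stateful): bool
{
    $domain = $headers['referer'] ?? $headers['origin'] ?? null;
    if ($domain === null) {
        return false;
    }
    $domain = preg_replace('#^https?://#', '', $domain);
    $domain = rtrim($domain, '/') . '/';

    foreach ($stateful as $entry) {
        // Same semantics as Laravel's Str::is(): "*" matches anything, the rest is literal.
        $pattern = '#^' . str_replace('\*', '.*', preg_quote($entry . '/*', '#')) . '\z#u';
        if (preg_match($pattern, $domain) === 1) {
            return true;
        }
    }
    return false;
}

function describe(bool $stateful): string
{
    return $stateful ? 'stateful (session cookie used)' : 'stateless (cookie ignored -> 401)';
}

// Constructed request, as a browser on the Nuxt dev server at startup.test:3000 sends it.
$request = [
    'referer' => 'http://startup.test:3000/auth/login',
    'origin'  => 'http://startup.test:3000',
];

// Assumed default list when SANCTUM_STATEFUL_DOMAINS is unset and APP_URL=http://startup.test:
// the localhost entries plus the APP_URL host. startup.test:3000 is not in it.
$defaults = statefulDomains('localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1,startup.test');

// The fix from the thread: list the frontend exactly as the browser sends it, port included.
$fixed = statefulDomains('startup.test:3000');

// An entry without the port does not help; a wildcard would, but trusts far more hosts.
$noPort = statefulDomains('startup.test');

printf("default list:                              %s\n", describe(isStatefulRequest($request, $defaults)));
printf("SANCTUM_STATEFUL_DOMAINS=startup.test:     %s\n", describe(isStatefulRequest($request, $noPort)));
printf("SANCTUM_STATEFUL_DOMAINS=startup.test:3000: %s\n", describe(isStatefulRequest($request, $fixed)));
```

Run it with `php sanctum_stateful_check.php`. Two practitioner notes follow from the check itself: every entry in SANCTUM_STATEFUL_DOMAINS grants cookie-based authentication to pages served from that host, so keep the list to frontends you control and avoid broad wildcards; and the stateful list is only one of three settings that have to agree for the SPA flow, the others being SESSION_DOMAIN (the cookie is scoped by host, not port, so domain.test covers both the API and the :3000 client) and `'supports_credentials' => true` in cors.php so the browser is allowed to send that cookie cross-origin at all.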