Closed WanyoikeJ closed 4 months ago
Hey @WanyoikeJ, have you checked this docs page to make sure that everything is configured correctly?
Also, when we have authentication issues we usually get a 401 error instead; 403 looks like a backend misconfiguration. Could you share some examples of requests / responses? For instance, CSRF token retrieval requests and some secured endpoints.
My apologies, the error code is 401.
Here is my client config:
```js
sanctum: {
  baseUrl: process.env.API_BASE_URL, // Laravel API
  origin: process.env.CLIENT_BASE_URL, // Nuxt app
  redirect: {
    keepRequestedRoute: false, // Keep requested route in the URL for later redirect
    // onLogin: false, // Redirect to this page after successful login
    onLogin: "/", // Redirect to this page after successful login
    onLogout: "/auth/login", // Redirect to this page after successful logout
    onAuthOnly: "/auth/login", // Redirect to this page if user is not authenticated
    onGuestOnly: "/", // Redirect to this page if user is authenticated
  },
  endpoints: {
    csrf: 'http://startup.test/sanctum/csrf-cookie', // CSRF cookie endpoint
    login: 'http://startup.test/login', // Endpoint that accepts user credentials
    logout: 'http://startup.test/logout', // Endpoint to destroy the current session
    user: 'http://startup.test/api/user', // Endpoint that returns current user information
  },
},
```
My cors.php config for allowing requests to the backend looks like this:

```php
'allowed_origins' => [env('FRONTEND_URL', 'http://startup.test:3000')],
```

On my Laravel application, I have this endpoint that is getting the user details:

```php
Route::middleware(['auth:sanctum'])->get('/user', function (Request $request) {
    return $request->user();
});
```

And so when this endpoint is called, I get the 401 Authorization Exception.
I am also getting the CSRF token using this endpoint, and it's responding with a status code of 204, which is just fine:
http://startup.test/sanctum/csrf-cookie
Hi, I think I figured it out, I was missing the SANCTUM_STATEFUL_DOMAINS.
Thanks so much for the assistance.
You're welcome! 😊
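
Why a missing `SANCTUM_STATEFUL_DOMAINS` value leads to the 401 described above, as an added example that is not part of the thread or of either project's code: a simplified JavaScript model of Laravel Sanctum's stateful-request check, which compares the host of the Referer or Origin header (port included) with that list. The function names and the sample request are constructed for illustration.

```javascript
// Simplified model (an assumption, not Sanctum's source code) of the check that
// decides whether a request is "stateful", i.e. authenticated by session cookie.

// Split a comma-separated SANCTUM_STATEFUL_DOMAINS value into host[:port] entries.
function parseStatefulDomains(value) {
  return (value || "")
    .split(",")
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0);
}

// Reduce an Origin or Referer header to "host[:port]/path/" without the scheme.
function stripScheme(header) {
  const withoutScheme = header.replace(/^https?:\/\//, "");
  return withoutScheme.endsWith("/") ? withoutScheme : withoutScheme + "/";
}

// Turn an entry such as "*.startup.test" into an anchored regex ("*" is a wildcard).
function entryToRegex(entry) {
  const escaped = entry
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp("^" + escaped + "/.*$");
}

// True when the request would be treated as coming from the first-party frontend.
function isStatefulRequest(headers, statefulDomainsValue) {
  const source = headers.referer || headers.origin;
  if (!source) return false; // no Referer/Origin: handled as a token (API) request
  const domain = stripScheme(source);
  return parseStatefulDomains(statefulDomainsValue).some((entry) =>
    entryToRegex(entry).test(domain)
  );
}

// Constructed sample request, using the frontend host from the thread.
const nuxtRequest = { origin: "http://startup.test:3000" };

function diagnose(statefulDomainsValue) {
  return isStatefulRequest(nuxtRequest, statefulDomainsValue)
    ? "stateful: session cookie is used"
    : "not stateful: session cookie ignored, auth:sanctum answers 401";
}

console.log(diagnose(""));                  // variable missing
console.log(diagnose("startup.test"));      // host listed without the port
console.log(diagnose("startup.test:3000")); // host and port of the Nuxt app
```

Only the last value marks the Nuxt request as stateful, because the entry has to include the port the frontend is served on.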
Hi,
I have been using this package and it works so well when on localhost. So I decided to simulate a production server and served my Laravel on domain.test, then my client is also running on domain.test:3000.
I have set my Laravel env config like this:
and my Nuxt 3 client is also running on the same domain using this config:
All unauthenticated endpoints are working just fine, but when I log in and the
http://domain.test/api/user
is called, I get error: 403 Forbidden, yet I had a successful login.
Kindly assist.