[Bug] Issue with authenticating after sign-in

[ILLuMiNaTe7]

Describe the bug For some reason, I cannot manage to get the module to work with Laravel 11.

I've read the issue https://github.com/manchenkoff/nuxt-auth-sanctum/issues/34 however this one sadly did not lead to a solution for me.

Although the CSRF request and login functionalities are operational, accessing the api/user route triggers an authentication error within the app saying I am not authenticated.

Temporarily I've opened up my test environment to the public so you can see the behaviour for yourself: https://app2.illuminate-solutions.nl/ (Nuxt 3) https://api2.illuminate-solutions.nl/ (Laravel 11)

To Reproduce Steps to reproduce the behavior:

When utilizing Breeze, there's an inherent POST request predefined for the /login route. However, even with the Default installation, this POST request must be manually initiated. For the sake of this demonstration, we'll be utilizing Breeze.

1. Initiated the installation of a pristine Laravel Breeze application via Laravel Herd. (Whether opting for Breeze or the Default installation, both yield similar results.)
2. Executed php artisan install:api & php artisan migrate:refresh --seed.
3. Configured necessary settings in config/cors.php, config/sanctum.php, and .env.
4. Attempted to log in via the module within your Nuxt application.

Expected behavior The user is signed in and being able to access the API.

Screenshots

Module information

• Version: 0.2.1
• Complete configuration of sanctum from your nuxt.config.ts

export default defineNuxtConfig({
  devtools: { enabled: true },
  modules: ['@nuxtjs/eslint-module', 'nuxt-auth-sanctum'],
  ...
  sanctum: {
    baseUrl: 'https://api2.illuminate-solutions.nl/' // Laravel API
  }
})

Nuxt environment:

• Version: 3.11.2
• Mode: SSR
• Environment: Local & Production

Laravel environment:

• Version: 11.0.0

• Sanctum installed via Breeze + php artisan install:api

• Checklist completed: All checked.

• Session domain from your config/session.php: SESSION_DOMAIN=.illuminate-solutions.nl

• List of stateful domains from your config/sanctum.php

  return [
  'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
  '%s%s',
  'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1,https://app2.illuminate-solutions.nl,app2.illuminate-solutions.nl',
  Sanctum::currentApplicationUrlWithPort()
  ))),
  ];

• Standard Laravel Breeze login handler app/Http/Controllers/Auth/AuthenticatedSessionController.php (Also doesn't work without Breeze)

  /**
  * Handle an incoming authentication request.
  */
  public function store(LoginRequest $request)
  {
  $request->authenticate();
  $request->session()->regenerate();
  return $request->user();
  }

• .env configuration:

  SESSION_DRIVER=database
  SESSION_LIFETIME=120
  SESSION_ENCRYPT=false
  SESSION_SECURE=true
  SESSION_PATH=/
  SESSION_DOMAIN=.illuminate-solutions.nl

• Api Routes configuration from routes/api.php

  Route::get('/user', function (Request $request) {
  return $request->user();
  })->middleware('auth:sanctum');

• CORS settings from your config/cors.php

return [
    'paths' => ['*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*', 'http://localhost:3000', 'https://app2.illuminate-solutions.nl/'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

Additional context The issue might be caused by the missing X-XSRF-TOKEN in the /api/user request during login attempts.

[manchenkoff]

Hey @ILLuMiNaTe7, thanks for the more detailed issue! I'll take a look and get back to you once I find something

[manchenkoff]

Meanwhile, can you pls double-check that without slash at the end of allowed_origins value 'https://app2.illuminate-solutions.nl/' it also fails?

It should be like that

return [
    'paths' => ['*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['http://localhost:3000', 'https://app2.illuminate-solutions.nl'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

[ILLuMiNaTe7]

Hi @manchenkoff I've updated it and tested it however the issue appears to persist.

I've also updated it on the test environment.

Do you happen to have a Laravel test repository so we can test if that works?

[manchenkoff]

Nope, unfortunately, I don't have any preconfigured Laravel environment (will do it in the scope of #40). Right now only the Nuxt playground is available, you can clone this repo and start it locally by yarn dev. Not sure that it would help, but at least you can confirm that it is the problem on Laravel's side 😄

[manchenkoff]

Hey @ILLuMiNaTe7, I've just released v0.2.3 with additional logs for the plugin, if you still experience issues with connecting, you can try to upgrade and share the logs here to let me help with further investigation.

Regarding the fix, I couldn't reproduce the exact behavior thus I cannot tell what might be a reason in your case yet.

[manchenkoff]

Closing this for now, feel free to re-open with new details!

[akr4m]

@ILLuMiNaTe7, in Laravel use Session Driver to file