The GET method is not supported for route api/login. Supported methods: POST.

[mkgy]

Describe the bug After submit I receive the following error-message: Error - FetchError: [GET] "http://localhost:8000/api/login": 405 Method Not Allowed ERROR Unable to load user identity [GET] "http://localhost:8000/api/user": 404 Not Found

I undertstand this message since on my backend (Laravel) the resource-endpoint is reachable via POST-method

To Reproduce

1. set up sanctum on Laravel (version 10) and serve on port 8000 (not the default port 80 in project nuxt-auth-sanctum)
2. npm run dev project nuxt-auth-sanctum
3. In searchbar navigate to http://localhost:3000, provide credentials and submit

Expected behavior Expecting to fetch user data via POST-method

Screenshots

Module information

export default defineNuxtConfig({
    modules: ['nuxt-auth-sanctum'],

    sanctum: {
        baseUrl: 'http://localhost:8000',
    },
});

Nuxt environment:

• Environment: local

Laravel environment: I am using the following repository:

https://github.com/hasinhayder/hydra

return [
    'stateful' => explode(
        ',',
        env(
            'SANCTUM_STATEFUL_DOMAINS',
            sprintf('%s','localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1')
        )
    ),
];

• CORS settings from your config/cors.php

return [
      'paths' => ['api/*', 'sanctum/csrf-cookie','login', 'logout'],
    'allowed_methods' => ['*'],
    'allowed_origins' => [
        env('FRONTEND_URL', 'http://localhost:3000'),
    ],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

Additional context Also it took me a while to get to the current HTTP-method error. It seems somewhere in the your code the endpoint " api/user" is set by default. I needed to edit line 32 in src/runtime/composables/useSanctumAuth.ts. from :

user.value = await client(options.endpoints.user); to user.value = await client(options.endpoints.login);

to get the following URL: http://localhost:8000/api/user

[manchenkoff]

Hey @mkgy! Yes, it is indeed set by default, but you can configure all these endpoints, please read the documentation for the package, you can find the link in the readme or in the description of the repo or directly go to configuration page. Method POST is used for submitting credentials while GET is used for authenticated user retrieval, in your case it will be:

• endpoints.login is Route::post('login', [UserController::class, 'login']) from you routes/api.php
• endpoints.user is Route::get('me', [UserController::class, 'me'])->middleware('auth:sanctum') from your routes/api.php

If your routes are properly configured, then it should be accessible as domain/api/login and domain/api/me, use these URLs in the sanctum section in your nuxt.config.ts.

[mkgy]

Hi@manchenkoff, thanks for the quick response. I just added some screenshots to display my errors. I have implemented your suggestions. Yet the problem exists.

Hope you can help further

[manchenkoff]

@mkgy thanks for more details, but now I see that you have 401 response which means that there are no problems with routes and methods anymore. Package behavior is correct, yet there might be 2 reasons for 401:

• incorrect credentials
• incorrect cookies configuration

Can you double-check that /api/me request contains necessary cookies like XSRF-TOKEN? Also, please remove SESSION_DOMAIN from your .env file for Laravel, it doesn't work with localhost

[mkgy]

/api/me does indeed contain the necessary cookies as it can be seen in the following screenshot:

My Laravel CORS settings are as follows:

[mkgy]

By the way my sanctum.php looks like this:

[mkgy]

I do get a token from backend though

[manchenkoff]

@mkgy Your sanctum.php middleware should look like this in order to authenticate user via Cookie, token-based auth is not supported

'middleware' => [
        'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
        'encrypt_cookies' => Illuminate\Cookie\Middleware\EncryptCookies::class,
        'validate_csrf_token' => Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class,
    ],

[mkgy]

no success unfortuntely.

[mkgy]

[manchenkoff]

@mkgy I would suggest you to debug Laravel side in order to check which middleware is failing, unfortunately, since you posted a screenshot where both sides work with cookies properly, I cannot check what is wrong w/o accessing API codebase, I assume that session-related middleware is not working properly or not getting cookie value or even not associating it with user properly.

It might be also the problem in Hydra code, since it may use custom code which is not supported by default Laravel Sanctum package. You should also check how the session is generated when you log into the account.

[mkgy]

ok, i understand. Thank you very much for your quick response and time. It seems from your package's side everything is working as it suppose to. By the way, I am given a hint in the following link: https://laracasts.com/discuss/channels/laravel/authenticate-user-using-cookie-laravel-sanctum. That hint combined with your previous suggestion on the middleware seems to be a possible solution to my problem. Again much thanks for your effort.