websanova / vue-auth

A simple light-weight authentication library for Vue.js
MIT License
2.36k stars 380 forks source link

Can this library be used with Laravel sanctum and fortify on the backend? #662

Closed Saif-XI-Coderz closed 2 years ago

Saif-XI-Coderz commented 3 years ago

Hi, I've read the docs, viewed the demos and tried implementing this library in my project. I'm on a Laravel backend with sanctum and fortify, since my spa and api are on same domain, Laravel lets me use sessions to authenticate (as opposed to token). Can this library be used to auth using sessions, the docs only talk about tokens auth?

websanova commented 3 years ago

yes, should be, I've yet to actually test it with Sanctum/cookie based tokens, but all it means is the token is sent automatically for you in requests via a cookie. Basically it would just need a "dud" driver to toggle whether the token exists in the cookie.

Bit busy at the moment, but it should be simple to setup, the auth drivers are just a few lines of code.

https://github.com/websanova/vue-auth/tree/master/src/drivers/auth

Should be something like that....

cookie.js

export default {

    request: function (req, token) {
         // do nothing here since cookie/token should automatically be sent in requests.
    },

    response: function (res) {
        var isCookie = ''; // check if cookie/token exists

        return isCookie ? 'true' : null;
    }
};

If you wanna try that out, and get something working I can add it the repo. I'm currently working on some updates to making testing/docs better, but could be a few months before I get all that out.

Saif-XI-Coderz commented 3 years ago

I'm afraid that's not gonna work, because whether you're logged in or not Laravel assigns you the cookie. It's only in the backend that Laravel knows whether that cookie is associated with a user or is a guest (unauthenticated).

websanova commented 3 years ago

hmm, in that case I'm not sure, I haven't used cookie based auth in a while. I assumed if there is a logout call on the api it will respond with an updated (expired) cookie.

But, this can also be done manually via the plugin. So on the $auth.logout on success just expire the cookie.

this.$auth.logout()
     .then(() => {
        // expire the cookie.
    })

And note the library comes with a small cookie lib so you don't need to write/add more code for this:

https://github.com/websanova/vue-auth/blob/master/src/lib/cookie.js

TCURT15 commented 3 years ago

@Saif-XI-Coderz were you able to get this working and care to share any examples?

gileneusz commented 2 years ago

@websanova it would be great if this would work out of the box with an example on docs. Laravel sanctum & fortify is now the default and easy way to configure api authentication. If an easy example would be provided with handling csrf token it would save huge time for many users and the plugin would be out of the box ready for provided configuration. Now all I can do is just copy-paste code from https://laravelvuespa.com/authentication/laravel-authentication/

But I know your plugin is much better and is providing a lot more features, roles, many auth methods...

websanova commented 2 years ago

@gileneusz I've used it with Sanctum API token auth, it works out of the box for that as it's just an authorization header. For cookie based, with the csrf token should work, but it requires fetching the token first for the login.

This is kind of an aside from the plugin though. But really should not be so complicated, on login just do a regular http request for the /sanctum/csrf-token first or maybe it's on load or something. Either way once you have that token should work out of the box with that token included in the login body.

gileneusz commented 2 years ago

@websanova it starts being complicated from just pinging laravel fortify default localhost:8000/login route. Plugin tries to ping localhost:8000/auth/login instead... I remember complaining about the docs 2 years ago to be beginners friendly, and I feel like I'm traveling in time... :/

Saif-XI-Coderz commented 2 years ago

@TCURT15 Sorry for the late reply. I've had lot of trouble trying to use this library. I've decided not to use it in the end.