11

I am using Laravel sanctum in my project with angular as frontend. Getting unauthenticated from the second api request. Please let me know where am I going wrong

Frontend-> 127.0.0.1:4200

Backend-> localhost:8888

.env config

SESSION_DOMAIN=localhost SANCTUM_STATEFUL_DOMAINS=127.0.0.1

Added middleware auth:sanctum to the routes group in api.php

Ref: https://prnt.sc/rm9ejy

user3326941
  • 173
  • 1
  • 3
  • 12

9 Answers9

10

For anyone having an Unauthenticated error, please ensure you follow these steps.

  • Send a GET request to /sanctum/csrf-cookie
  • Send a post request to web route /login to get authenticated

After this step, you will be successfully authenticated by auth:sanctum middleware in the API route.

Other things to be aware of:

  1. Ensure your SESSION_DOMAIN is set to localhost
  2. SANCTUM_STATEFUL_DOMAIN is set to your sub domain/SPA with the port e.g localhost:8000

For the original question please ensure you maintain same domain. I mean use localhost for both. And set SANCTUM_STATEFUL_DOMAIN = localhost:4200

Edited

Also set SESSION_DRIVER

Stanley Aloh
  • 181
  • 3
  • 10
8

Add your domains, for example my API is running on localhost:8000 my client is running on localhost:3000 so my env setting looks like below

SANCTUM_STATEFUL_DOMAINS=localhost:8000,localhost:3000

also, add your session domain

SESSION_DOMAIN=localhost
HadiNiazi
  • 1,031
  • 1
  • 7
  • 17
  • I used custom domain name for calling the backend and frontend like (backend) `api.devtest.test` (frontend) `devtest.test` What should be written on `SESSION_DOMAIN` ? – Shulz Jul 21 '21 at 02:44
6

Have you checked your Kernel.php? app/Http/Kernel.php

Make sure you uncomment \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, coz by default it is being commented

'api' => [
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    'throttle:api',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
jrran90
  • 587
  • 13
  • 16
  • 3
    You nailed it! What you are suggesting also is into the docs, check here https://laravel.com/docs/8.x/sanctum#sanctum-middleware – Fernando Torres Nov 01 '21 at 19:45
4

From the screenshot you shared I see your domain is localhost and not 127.0.01, just do: 

SANCTUM_STATEFUL_DOMAINS=localhost
Luis Montoya
  • 2,847
  • 1
  • 15
  • 24
3

For anyone using Laravel Homestead, use your actual domain.

SANCTUM_STATEFUL_DOMAINS=homestead.test
Daniel
  • 118
  • 6
3

Which version are you running? Since V2.4.0 you need to specify the port:

SANCTUM_STATEFUL_DOMAINS=localhost:4200

See this issue for more info.

gitmiro
  • 81
  • 4
1

Two days of pain and despair to arrive at this conclusion: the Bearer token was not attached to the request, and that was because of my .htaccess configuration.

If you, like me, are not able to authenticate via API token, try to add this line on your .htaccess file in the public directory in your Laravel project:

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Right after RewriteEngine On directive.

CREDITS: Laravel not detecting auth token sent in the header and JWT package

Dharman
  • 26,923
  • 21
  • 73
  • 125
Marco Cazzaro
  • 532
  • 5
  • 13
0

The sanctum stateful domains require the port number as well.

e.g. SANCTUM_STATEFUL_DOMAINS=127.0.0.1:4200

Although in your case your screenshot shows it should be SANCTUM_STATEFUL_DOMAINS=127.0.0.1:4201

Peter Fox
  • 1,707
  • 2
  • 18
  • 33
0

I had the same solution as Marco, adding the rewrite rule to my htaccess in public fixed it.

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

FYI I am hosting this on Auzre Web App Service (linux), if anyone else is doing that.

Nimantha
  • 5,793
  • 5
  • 23
  • 56
Robert Lane
  • 1
  • 1
  • 1