Laravel has recently launched a new authentication gate called Sanctum. In this post, I'll show you how to set up Paw so that it plays nicely with Sanctum's SPA Authentication, which uses Laravel's built-in session authentication.
Setup
To make sure we're on the same page, here's my setup:
- Fresh Laravel 7.x installation, with Sanctum enabled (I'm using only the SPA mode).
- Paw (v3) with the following extension installed: Laravel CSRF Token Dynamic Value
If you're set too, let's go.
Let's do this
Step 1. Get the CSRF cookie
In Paw, add a new request that calls GET /sanctum/csrf-cookie.
You can name this request "Get Sanctum CSRF cookie."
Step 2. The login endpoint
Let's create another request that'll call POST /login (or your own login endpoint). Configure the request like this:
Don't forget to set up the values for email/password accordingly.
If everything goes right, you'll get back a user object and a bunch of cookies that sign you in.
Step 3. Don't forget to set the referer
All is good up to this point. But don't forget to set the "Referer" header when calling a protected endpoint, because otherwise you'll get 401 Unauthenticated.
Let's see an example:
baseUrl here points at the Laravel application. The path does not seem to matter, only the domain must match.
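The same three requests replayed outside Paw with curl, as an added example that is not part of the original post. It assumes the login request carries the token in an X-XSRF-TOKEN header (the cookie value, URL-decoded); the function names and the four arguments (base URL, email, password, protected path) are hypothetical.

```shell
#!/bin/sh
# Added example: the post's three Paw requests replayed with curl.

# Print the URL-decoded XSRF-TOKEN value from a curl (Netscape-format) cookie jar.
# Laravel percent-encodes the cookie value ("=" arrives as "%3D"); the
# X-XSRF-TOKEN header has to carry the decoded form.
xsrf_from_jar() {
  awk -F'\t' '
    $6 == "XSRF-TOKEN" { raw = $7 }
    END {
      if (raw == "") exit 1
      digits = "0123456789abcdef"; out = ""
      while ((i = index(raw, "%")) > 0) {
        hi = index(digits, tolower(substr(raw, i + 1, 1))) - 1
        lo = index(digits, tolower(substr(raw, i + 2, 1))) - 1
        out = out substr(raw, 1, i - 1) sprintf("%c", hi * 16 + lo)
        raw = substr(raw, i + 3)
      }
      print out raw
    }' "$1"
}

# Steps 1-3 of the post. Arguments: base URL, email, password, protected path.
sanctum_flow() {
  base=$1; jar=$(mktemp) || return 1
  (
    trap 'rm -f "$jar"' EXIT   # the jar holds live session cookies
    # Step 1: GET /sanctum/csrf-cookie sets XSRF-TOKEN and the session cookie.
    curl -fsS -o /dev/null -c "$jar" "$base/sanctum/csrf-cookie" || exit 1
    token=$(xsrf_from_jar "$jar") || exit 1
    # Step 2: POST /login with the decoded token in X-XSRF-TOKEN.
    curl -fsS -b "$jar" -c "$jar" -H "Accept: application/json" \
      -H "X-XSRF-TOKEN: $token" --data-urlencode "email=$2" \
      --data-urlencode "password=$3" "$base/login" || exit 1
    # Step 3: protected endpoint. Referer must be on the app's domain (else 401).
    curl -fsS -b "$jar" -H "Accept: application/json" \
      -H "Referer: $base/" "$base$4"
  )
}

# Run the flow only when all four arguments are given on the command line.
if [ "$#" -eq 4 ]; then
  sanctum_flow "$@"
fi
```

If step 3 returns 401 with the Referer set, compare the Referer's host with the domain the application is served from.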
If something goes wrong?
You can take a look at Paw's documentation. In most cases, resetting the session (deleting all the cookies) works fine.
Good luck!