Laravel has recently launched a new authentication gate called Sanctum. In this post, I'll show you how to set up Paw so that it plays nicely with Sanctum's SPA Authentication, which uses Laravel's built-in session authentication.
To make sure we're on the same page, here's my setup:
If you're set too, let's go.
In Paw, add a new request that calls GET /sanctum/csrf-cookie.
You can name this request "Get Sanctum CSRF cookie."
Let's create another request that'll call POST /login (or your own login endpoint). Configure the request like
Don't forget to set up the values for email/password accordingly.
If everything goes right, you'll get back a user object and a bunch of cookies that sign you in.
All is good until this point. But don't forget to set the "Referer" header when calling a protected endpoint, because
otherwise you'll get
Let's see an example:
baseUrl here points at the Laravel application. The path does not seem to matter, only the domain must match.
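The three requests above, reproduced as a standard-library Python script (an added example, not part of the original post). The base URL, the /api/user path and the credentials are placeholders, and the X-XSRF-TOKEN header follows Laravel's documented CSRF handling rather than anything shown in this post's text.

```python
# Added example: Sanctum SPA (cookie/session) flow using only the standard library.
import http.cookiejar
import json
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8000"  # assumption: where the Laravel app is served


def xsrf_header_value(cookie_value):
    """Laravel URL-encodes the XSRF-TOKEN cookie; the header carries it decoded."""
    return urllib.parse.unquote(cookie_value)


def build_request(base_url, method, path, xsrf_cookie=None, body=None):
    """Build one request with the headers the Sanctum session flow expects."""
    headers = {
        "Accept": "application/json",
        # Sanctum only treats the call as stateful if the Referer (or Origin)
        # domain is one of its stateful domains; the path part is irrelevant.
        "Referer": base_url + "/",
    }
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    if xsrf_cookie is not None:
        headers["X-XSRF-TOKEN"] = xsrf_header_value(xsrf_cookie)
    return urllib.request.Request(base_url + path, data=data, headers=headers, method=method)


def run_flow(base_url, email, password, protected_path="/api/user"):
    """csrf-cookie -> login -> protected call, sharing one cookie jar (the session)."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))

    def xsrf():
        return next(c.value for c in jar if c.name == "XSRF-TOKEN")

    opener.open(build_request(base_url, "GET", "/sanctum/csrf-cookie"))
    opener.open(build_request(base_url, "POST", "/login", xsrf(),
                              {"email": email, "password": password}))
    with opener.open(build_request(base_url, "GET", protected_path, xsrf())) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(run_flow(BASE_URL, "user@example.com", "password"))  # placeholder credentials
```

Dropping the Referer entry from `build_request` is a quick way to confirm that the protected endpoint rejects the call when Sanctum does not recognise it as coming from a stateful domain.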
You can take a look at Paw's documentation. In most cases, resetting the session (deleting all the cookies) works fine.