Laravel has recently launched a new authentication gate called Sanctum. In this post, I'll show you how to set up Paw so that it plays nicely with Sanctum's SPA Authentication, which uses Laravel's built-in session authentication.
To make sure we're on the same page, here's my setup:
If you're set too, let's go.
In Paw, add a new request that calls GET /sanctum/csrf-cookie.
You can name this request "Get Sanctum CSRF cookie."
Let's create another request that'll call POST /login (or your own login endpoint). Configure the request like this:
Don't forget to set up the values for email/password accordingly.
If everything goes right, you'll get back a user object and a bunch of cookies that sign you in.
All is good until this point. But don't forget to set the "Referer" header when calling a protected endpoint, because otherwise you'll get 401 Unauthenticated.
Let's see an example:
baseUrl here points at the Laravel application. The path does not seem to matter, only the domain must match.
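The same three requests outside Paw, as an added example that is not part of the original post. It assumes the login endpoint accepts a JSON body with email and password, and that the CSRF token is sent back in Laravel's X-XSRF-TOKEN header; base_url and protected_path are whatever your application uses.

```python
import json
import urllib.request
from http.cookiejar import CookieJar
from urllib.parse import unquote, urlsplit


def xsrf_header_value(jar):
    """Return the URL-decoded XSRF-TOKEN cookie value, or None if absent."""
    for cookie in jar:
        if cookie.name == "XSRF-TOKEN":
            # Laravel URL-encodes the cookie (e.g. a trailing %3D);
            # the header must carry the decoded value.
            return unquote(cookie.value)
    return None


def sanctum_headers(base_url, jar):
    """Headers each stateful request needs: Referer plus X-XSRF-TOKEN."""
    parts = urlsplit(base_url)
    headers = {
        "Accept": "application/json",
        # Only the domain has to match, so the bare origin is enough.
        "Referer": f"{parts.scheme}://{parts.netloc}/",
    }
    token = xsrf_header_value(jar)
    if token is not None:
        headers["X-XSRF-TOKEN"] = token
    return headers


def login_and_fetch(base_url, email, password, protected_path):
    """Run the three requests in order, sharing one cookie jar."""
    jar = CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))

    def call(method, path, body=None):
        headers = sanctum_headers(base_url, jar)
        data = None
        if body is not None:  # assumption: the login endpoint takes JSON
            data = json.dumps(body).encode()
            headers["Content-Type"] = "application/json"
        req = urllib.request.Request(base_url + path, data=data, headers=headers, method=method)
        with opener.open(req) as resp:  # raises HTTPError on 401 and other errors
            return resp.status, resp.read().decode()

    # 1. fetch the CSRF cookie, 2. log in, 3. call the protected endpoint
    call("GET", "/sanctum/csrf-cookie")
    call("POST", "/login", {"email": email, "password": password})
    return call("GET", protected_path)
```

Calling login_and_fetch with your application's base URL, credentials and a protected path returns the status and body of the last request.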
You can take a look at Paw's documentation. In most cases, resetting the session (deleting all the cookies) works fine.
Good luck!