Laravel Sanctum and Tenancy unauthenticated API Token

Question

I've a problem with Laravel Sanctum, I've been googling for almost 1 week and have not found the solution, I use Sanctum with hyn/multi-tenant, I don't use SPA authentication but API Token authentication. The tenant authenticates well and generates the token, but for some reason does not access the routes protected by the auth:sanctum middleware, this only happen with tenant users, the token is lost or not passed, redirect to login.

I don't think the problem is tenancy package, I think is something with sanctum, because with main domain work fine, but with subdomains middleware sanctum not work, because lose API token Authorization.

I've defined too SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN and doesn't work, I also pass the X-XSRF-TOKEN and it doesn't work either

This is my SANCTUM_STATEFUL_DOMAINS=new-api.test

and SESSION_DOMAIN=.new-api.test

Answer 1

You must extend PersoanlAccessToken and add use UsesTenantConnection; than in a provider's boot method you need to add Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class); where you use your own model.

I am using tenant from spatie and I did the following:

<?php


namespace App\Models\Tenant;
use Laravel\Sanctum\PersonalAccessToken as SanctumPersonalAccessToken;
use Spatie\Multitenancy\Models\Concerns\UsesTenantConnection;

class PersonalAccessToken extends SanctumPersonalAccessToken
{
    use UsesTenantConnection;
}

and in my AppServiceProvider I added

Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);

my own model

Hope this is helpful

Answer 2

On the third level domain check if your .htaccess file has this directive:

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I had a similar problem: Laravel sanctum unauthenticated