Reputation: 31
I've a problem with Laravel Sanctum, I've been googling for almost 1 week and have not found the solution, I use Sanctum with hyn/multi-tenant, I don't use SPA authentication but API Token authentication. The tenant authenticates well and generates the token, but for some reason does not access the routes protected by the auth:sanctum middleware, this only happen with tenant users, the token is lost or not passed, redirect to login.
I don't think the problem is tenancy package, I think is something with sanctum, because with main domain work fine, but with subdomains middleware sanctum not work, because lose API token Authorization.
I've defined too SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN and doesn't work, I also pass the X-XSRF-TOKEN and it doesn't work either
This is my SANCTUM_STATEFUL_DOMAINS=new-api.test
and SESSION_DOMAIN=.new-api.test
Upvotes: 1
Views: 1988
Reputation: 53
You must extend PersoanlAccessToken and add use UsesTenantConnection;
than in a provider's boot method you need to add Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);
where you use your own model.
I am using tenant from spatie and I did the following:
<?php
namespace App\Models\Tenant;
use Laravel\Sanctum\PersonalAccessToken as SanctumPersonalAccessToken;
use Spatie\Multitenancy\Models\Concerns\UsesTenantConnection;
class PersonalAccessToken extends SanctumPersonalAccessToken
{
use UsesTenantConnection;
}
and in my AppServiceProvider I added
Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);
my own model
Hope this is helpful
Upvotes: 2
Reputation: 701
On the third level domain check if your .htaccess file has this directive:
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
I had a similar problem: Laravel sanctum unauthenticated
Upvotes: 1