jonquintero

Reputation: 31

Laravel Sanctum and Tenancy unauthenticated API Token

I have a problem with Laravel Sanctum. I've been googling for almost a week and have not found the solution. I use Sanctum with hyn/multi-tenant; I don't use SPA authentication but API token authentication. The tenant authenticates fine and generates the token, but for some reason it cannot access the routes protected by the auth:sanctum middleware. This only happens with tenant users: the token is lost or not passed, and the request is redirected to login.

I don't think the problem is the tenancy package; I think it is something with Sanctum, because with the main domain it works fine, but with subdomains the Sanctum middleware does not work, because it loses the API token Authorization.

I've also defined SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN and it doesn't work. I also pass the X-XSRF-TOKEN and it doesn't work either.

This is my SANCTUM_STATEFUL_DOMAINS=new-api.test

and SESSION_DOMAIN=.new-api.test

Upvotes: 1

Views: 1988

Answers (2)

Mihai Cata

Reputation: 53

You must extend PersonalAccessToken and add use UsesTenantConnection; then in a provider's boot method you need to add Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class); where you use your own model.

I am using tenant from spatie and I did the following:

<?php

namespace App\Models\Tenant;

use Laravel\Sanctum\PersonalAccessToken as SanctumPersonalAccessToken;
use Spatie\Multitenancy\Models\Concerns\UsesTenantConnection;

class PersonalAccessToken extends SanctumPersonalAccessToken
{
    use UsesTenantConnection;
}

and in my AppServiceProvider I added

Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);

my own model

Hope this is helpful

Upvotes: 2

Marco Cazzaro

Reputation: 701

On the third-level domain, check if your .htaccess file has this directive:

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I had a similar problem: Laravel sanctum unauthenticated

Upvotes: 1
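
A diagnostic route that tells apart the two causes proposed in the answers above, a stripped Authorization header versus a token model that queries the wrong database. This is an added example, not code from either answer; the route path `/_debug/sanctum-token` and the JSON field names are assumptions made for illustration.

```php
<?php
// routes/api.php (added diagnostic, not part of the original answers).
// Deliberately NOT behind auth:sanctum, so it can show why that middleware fails.
// Registered only in the local environment; it never echoes the token itself.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Laravel\Sanctum\Sanctum;

if (app()->environment('local')) {
    // Hypothetical path, chosen for this example only.
    Route::get('/_debug/sanctum-token', function (Request $request) {
        // 1. Did the Authorization header survive the web server / .htaccess?
        $bearer = $request->bearerToken();

        // 2. Which model, and therefore which DB connection, does Sanctum query?
        //    A null connection name means the model falls back to the default one.
        $modelClass = Sanctum::personalAccessTokenModel();
        $connection = (new $modelClass)->getConnectionName()
            ?? config('database.default');

        // 3. Does that connection actually hold the presented token?
        $found = $bearer !== null && $modelClass::findToken($bearer) !== null;

        return response()->json([
            'authorization_header_received' => $bearer !== null,
            'token_model'                   => $modelClass,
            'token_connection'              => $connection,
            'token_found'                   => $found,
        ]);
    });
}
```

Call it on the tenant subdomain with the same `Authorization: Bearer` header that fails. If `authorization_header_received` is false, the header is being dropped before PHP sees it (the .htaccess case); if it is true but `token_found` is false and `token_connection` is the default connection, the token model is not tenant-aware.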
