Use Sanctum in laravel backpack authentication

Question

I have been using laravel backpack for my project using default bootstrap jquery. Using the default login form of laravel backpack, I am able to login. My question is, how could I use Laravel Sanctum to protect my VUEJS app with the logged in data of laravel backpack?

# .env
SANCTUM_STATEFUL_DOMAINS=localhost,127.0.0.1:8000
SESSION_DOMAIN=localhost
SESSION_DRIVER=cookie

bakpack base.php

'guard' => 'web',

kernel.php

'api' => [
        \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

app.js

 axios.defaults.withCredentials = true;

 axios.get('/sanctum/csrf-cookie').then(() => {
  axios.get('/api/user').then(response => {
    console.log(response.data);
  });
});

Here is my api.php

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
  return $request->user();
});

the /sanctum/csrf-cookie has a CSRF-TOKEN header and successful but the /api/user returns 401.

How to fix this?

Answer 1

Backpack's authentication uses a completely separate authentication driver, provider, guard and password broker. They're all named backpack.

If you need a separate login/auth for the front user, go ahead and set up Sanctum regularly.

I also want to highlight that Laravel Sanctum supports both

• Token-based auth
• and "stateful" authentication using Laravel session cookies.

I'm using it on my project(Laravel+Sanctum+Backpack+lighthouse-php(graphQL API)). But yes, the sanctum has a learning curve. I choose to keep it stateful, so I don't need to bother about key storing and protecting on the client side. AFAIR, The following two .env attributes helped to make it stateful

SESSION_DOMAIN=.get-set-sold.test
SANCTUM_STATEFUL_DOMAINS=.get-set-sold.test