0

I want to open the default authentication provided by Laravel to my REST API. For this I am creating POST http://localhost:8080/api/login:

// In api.php
Route::post('/login', 'Auth\LoginController@login');

However, sending a POST request to this address gives me a runtime error in /media/Data/workspaces/git/mahlzeit/api/vendor/laravel/framework/src/Illuminate/Http/Request.php:

RuntimeException
Session store not set on request.

The payload I am sending is

{"name": "test", "password": "123456", "email": "test@test.com"}

although I don't think that's important here.

So.. the standard login for laravel is working - I don't see what I'm missing here.

Stefan Falk
  • 23,898
  • 50
  • 191
  • 378
  • You shouldn't be using session login for api though. Check [API Authentication](https://laravel.com/docs/5.5/passport) and google a bit on laravel api to see best practices. If you look at the `app/Http/Kernel.php` you will see that **api middleware group** doesn't have session... – ljubadr Oct 28 '17 at 19:47
  • @ljubadr Not sure if I understand: I should not use session login for api? – Stefan Falk Oct 28 '17 at 19:49
  • I wouldn't... this explains it nicely [the ins and outs of token based authentication](https://scotch.io/tutorials/the-ins-and-outs-of-token-based-authentication) – ljubadr Oct 28 '17 at 20:03
  • [Cookies vs Tokens: The Definitive Guide](https://auth0.com/blog/cookies-vs-tokens-definitive-guide/) – ljubadr Oct 28 '17 at 20:04
  • [Sessions vs. Token based authentication](https://stackoverflow.com/questions/40200413/sessions-vs-token-based-authentication) – ljubadr Oct 28 '17 at 20:05
  • Google out **api session vs tokens** and do a bit of research – ljubadr Oct 28 '17 at 20:05
  • Maybe in your case, session would be enough, if you plan to use your api with your website only... good luck :) – ljubadr Oct 28 '17 at 20:08
  • @ljubadr It's supposed to work as a backend for mobile apps ^^ I probably have to give it a ready first - I thought it's enough to use something like a cookie or whatever which I exchange after authentication with the client ^^ – Stefan Falk Oct 28 '17 at 20:13
  • Check if you will have access to cookies in your mobile app. If you do, you could modify `app/Http/Kernel.php` - `$middlewareGroups` **'api'=> [...]** to use `\Illuminate\Session\Middleware\StartSession::class` – ljubadr Oct 28 '17 at 20:19

0 Answers0