I'm currently using Laravel with VueJS for a web app. Using Sanctum for the API works great.

However, I also created a small Android app. This Android app requires the token creation in order to authenticate. To make it work, I have to remove the following line from the Kernel API section, as otherwise I'm getting a 419:

`EnsureFrontendRequestsAreStateful::class`

Now, that's the problem: If I remove it, it will work with the Android app but it won't work in the web app, and vice versa.

I guess I can remove it and create tokens for the web version too? Although I'm using Laravel standard login.

What do you think would be the best approach here?

Inigo EC
  • You don't have to remove the `EnsureFrontendRequestsAreStateful` middleware from the kernel. From the Vue app, you just have to hit the `/csrf-cookie` endpoint before you log in. Also from the login controller, send a token in the response. Web app should discard it, mobile app should use it. You don't need to hit `/csrf-cookie` from mobile app. – Tanmay Sep 28 '20 at 03:23
  • If I keep the EnsureFrontendRequestsAreStateful I get a 419 when calling from the Android app - I was thinking about removing that middleware from the kernel and wrap all the api routes but the custom api login with it. In the web version I'm using Laravel login anyway. – Inigo EC Sep 28 '20 at 07:36

0 Answers