0

I followed the instructions to setup and install Laravel Breeze and it worked to the extent that I could register a user and subsequently log in, so that's cool.

What I'm struggling to get working is to set up my API routes to only be accessible when a user is logged in.

In my api.php file, I have this route set up to return ["message" => "success"] which I can access at /api/test if I remove the middleware wrapper. I have tried putting in various things in the below middleware bit - ['auth'], ['auth.api'] etc but nothing seems to work. Some middleware 'passes' but inside my TestController, if I dump Auth::user(), I get null.

Route::middleware( ?? what goes here ??)->group(function () {
    Route::get('test', TestController::class);
});

This is my guards file, I copied the API section from stackO.

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'session',
        'provider' => 'users',
        'hash' => false,
    ],
],

Any assistance would be welcomed, thank you

James Stewart
  • 869
  • 12
  • 33
  • if it isn't a stateless api and you need the session (which is what the default auth driver uses) then you would want the `web` group applied to those routes (which has a middleware that starts the session), not the `api` route (which doesn't use sessions) ... if you want to use that `api` auth guard you have adjust to use sessions then the middleware would be `auth:api`, after the `:` is a parameter to the middleware; but there is no difference between the `web` and `api` guards that you have, they are configured the same ... and the `session` driver doesn't use the `hash` configuration key – lagbox Dec 16 '21 at 22:00
  • If the API routes don't use sessions, what middleware should be used? I'm making the call from within a Vue component – James Stewart Dec 16 '21 at 22:06
  • the `api` group, which is already assigned to all the routes in `api.php` ... but how are you going to authenticate the user? do you have a token to pass with the request? – lagbox Dec 16 '21 at 22:07
  • I guess that's what I'm trying to find out - I can't find any information about how I do that part with Breeze – James Stewart Dec 16 '21 at 22:08
  • you could see if this part helps you for apis https://laravel.com/docs/8.x/starter-kits#breeze-and-next – lagbox Dec 16 '21 at 22:15
  • 1
    maybe use `passport` for oauth2 or `sanctum` for oauth – Farhan Ibn Wahid Dec 17 '21 at 04:53

0 Answers0