I have built a website all by myself: Laravel + Blade.
Now we want to make a site using Vue, with frontend and backend separate. Not frontend UI/UX and admin, but frontend HTML, JS, Vue, CSS and backend PHP, database.
I'm not familiar with this. Should I use Passport? Sanctum? JWT?
Users log in to http://www.example.com, and the site uses an API to communicate with http://api.example.com. We don't need third party, like some shopping websites that use a Google account to log in.
I see the kernel.php:
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
Why does the api middlewareGroups use fewer classes? Like "StartSession", "EncryptCookies"… Doesn't the api middlewareGroups need these?
2 Answers
You should check the Sanctum package.
The frontend can get an access token with a username and password. Putting the access token in the request header will do the authentication.
If you don’t require third-party or machine-to-machine integration, then Sanctum is the best option to use.
The API middleware group does not require sessions or cookies unless you are using SPA authentication (Sanctum).
If you take a look at
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class
under the hood it uses
You can refer to the Laravel documentation on Sanctum for more information: https://laravel.com/docs/10.x/sanctum#spa-authentication.
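The SPA authentication flow the second answer refers to, as an added example that is not part of either answer: the Vue frontend first requests /sanctum/csrf-cookie, then sends the decoded XSRF-TOKEN value in an X-XSRF-TOKEN header with cookies included. Assumptions: the /login and /api/user routes, the injected fetchImpl and getCookies parameters, and a session cookie domain of .example.com so that www.example.com can read the cookie set by api.example.com.

```javascript
// Added example (not from the thread): Sanctum SPA cookie authentication
// from a frontend on www.example.com against api.example.com.
const API = 'http://api.example.com'; // host taken from the question

// Laravel URL-encodes the XSRF-TOKEN cookie; the X-XSRF-TOKEN header must
// carry the decoded value. axios does this itself, plain fetch does not.
function xsrfTokenFromCookies(cookieString) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === 'XSRF-TOKEN') {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch options for a stateful (session cookie) request.
function statefulInit(method, cookieString, body) {
  const headers = { Accept: 'application/json' };
  if (!['GET', 'HEAD', 'OPTIONS'].includes(method)) {
    const token = xsrfTokenFromCookies(cookieString);
    if (token === null) throw new Error('no XSRF-TOKEN cookie: call /sanctum/csrf-cookie first');
    headers['X-XSRF-TOKEN'] = token;
    headers['Content-Type'] = 'application/json';
  }
  // credentials: 'include' makes the browser send cookies cross-origin.
  const init = { method, headers, credentials: 'include' };
  if (body !== undefined) init.body = JSON.stringify(body);
  return init;
}

// fetchImpl and getCookies are injected (hypothetical parameters) so the flow
// runs offline; in a browser pass window.fetch.bind(window) and () => document.cookie.
async function spaLogin(fetchImpl, getCookies, email, password) {
  // 1. Sanctum sets the XSRF-TOKEN cookie on this endpoint.
  await fetchImpl(`${API}/sanctum/csrf-cookie`, statefulInit('GET', getCookies()));
  // 2. POST the credentials; '/login' is an assumed route name.
  const res = await fetchImpl(`${API}/login`,
    statefulInit('POST', getCookies(), { email, password }));
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  // 3. Later API calls ride on the session cookie; '/api/user' is assumed.
  return fetchImpl(`${API}/api/user`, statefulInit('GET', getCookies()));
}
```

On the Laravel side this only works once the EnsureFrontendRequestsAreStateful line that is commented out in the question's api group is enabled, www.example.com is listed in Sanctum's stateful domains, and CORS has supports_credentials set to true.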