Token Authentication
Token-based authentication is not recommended for SPA applications. Still, it might be useful when you cannot host it on the same TLD or have a mobile or desktop application built with Nuxt (e.g. based on Capacitor).
To explicitly set this authentication mode, update sanctum.mode
configuration property to token
.
You can check the official Laravel documentation here - API Token Authentication.
How it works
First, you need to authenticate a user by submitting credentials to endpoints.login
endpoint:
The client will be automatically redirected to redirect.onLogin
route of your application.
To check other available methods, please refer to the composables section.
The module expects a plain token value in the response from the API that can be stored in cookies to be included in all subsequent requests as Authorization
header.
You can also implement your own token storage if cookies are not supported, for example - Capacitor, Ionic, LocalStorage, etc.
Laravel configuration
Your API should have at least two endpoints for login and logout which are included in api.php
routes, so make sure that you do not use the same endpoints as for cookie-based authentication (web.php
routes) to avoid CSRF token mismatch errors.
Keep in mind, that the domain where API requests are coming from should not be included in SANCTUM_STATEFUL_DOMAINS
variable, otherwise you will get a CSRF mismatch error.
The login endpoint must return a JSON response that contains token
key like this
Here you can find an example from official documentation - Issue API Token.
The logout endpoint should revoke the current client token to avoid inconsistencies with your Nuxt application state, please check official documentation - Revoke API Tokens.
You can also try our API template with the already implemented authentication logic for both cookie and token approach - breeze-nuxt.
Custom token storage
Default token storage uses cookies to keep the API Authentication token and automatically load it for both CSR and SSR requests. However, you are free to define custom storage in your app.config.ts
by implementing an interface.
Check this section for more details - Token storage.