Support the ongoing development of →
Authentication Laravel Security
Last updated 2 years ago.

themustafaomar liked this thread


Anyone out there?

saberyjs, petzjohannes, themustafaomar liked this reply


Hi Tom,

I have the same situation as you. My application is split into backend (Laravel) and frontend (vue). Now I am struggling the for hours to decide what to use.

My research gives me a lot of headaches and everyone is doing something else. And most of the time something like "Vue -> Request -> Backend -> change request -> Request Backend again"...

Now I am trying to implement the PKCE. Do you have a working prototype or something? Have you solved the problem already?


Please follow the instructions on this Page under the Approving The Request section

Last updated 4 years ago.

"Sometimes you may wish to skip the authorization prompt"

This does NOT work with PKCE as I mentioned in my original post


Hello guys, I've been searching for this for three days and I'm about to break my monitor :(

I faced the same issue and I'm literally confused. Since I'm working on a Vue SPA app I heard about Laravel Passport but it seems it's not the best choice although they have a special section for SPA which is PKCE, but this has some strange issues.

I've read Tom's comment and heard about Sanctum is that working fine for SPA?

it seems like it was created for the SPA! please let me know, thanks.

Last updated 3 years ago.

Sanctum is probably your best bet (Laravel Employee)

themustafaomar, paulocuambe liked this reply


Thanks! I already gave it a try It's the best choice for SPA.


Hey guys, i guess i'm a bit late to the party but i would like to ask if you're trying to implement this on a Laravel and Vue single project, or there is a laravel api somewhere and there's another vue spa trying to consume the api from another domain?

I'm currently creating two projects, a laravel api for backend and vue spa consume it. I started the project with Passport but you guys are saying that Sanctum is the best choice for SPAs, is this true for my case?

I didn't implement the vue app already, so it would be nice to know if i'm there's a better authentication option.


They say you have to be on the same top-level domain.

In order to authenticate, your SPA and API must share the same top-level domain. However, they may be placed on different subdomains.

So I think if you're working on multiple domains you won't be able to use Sanctum.

You'll need to use something like tymondesigns/jwt-auth to generate tokens, but I don't recommend it if you're going to store tokens in the localStorage.

However, there is a trick you can implement to store the tokens within an http-only cookie.

Please ignore the Passport part just focus on how to respond with a cookie carrying the token when you're logged in successfully, and how to inject the cookie value to the Authorization header before Laravel handles the authorization operation.

that's all I know wish it helps.

Last updated 4 years ago.

Thanks Mustafa, i will give it a look.

themustafaomar liked this reply


Sign in to participate in this thread!


Your banner here too?

Tom tjhunkin Joined 13 Feb 2020


We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 - All rights reserved.