This is by far the best explanation of this process I’ve heard! Thank you for taking the time to make things clear and as simple as possible! I’ve been using Laravel for about 5 years now but I still always get stuck on implementing auth as it’s not something I do very often! I wonder if you could make a video on how to implement sanctum auth with a framework like Sveltekit. I am interested in how you would implement this when there is also another server in between Laravel and the client. There is not much info on this elsewhere on the internet! Edit: I found your video on Nuxt + Laravel so I am going to take a look at that 😊
Omg what an explanation dude... Always Small Channel makes good content and step by step.. Thank you... Try to Understand this technical words long time ago. U got a new sub. Thx again
What is the purpose of a pre-flight request? Can't we get all the allow headers from the CSRF token request and then just send the login request? To me it seems like an extra API call that we could do without. Am I missing something?
I want to know that we will put route /login in web.php, after authenticated and get access token, all api link i request with different methods can re-use authenticated session?
I'm stuck with mine. After setting cookie and session the app login works fine. However once a refresh and try to check with api if the user is still login in the back end it Auth::check facade it returns null. Should it not return the user ?
Hey bro , im working on a laravel project with nextjs , i tried login and it worked and also user is working but when i try logout it respond with 419 error mismatch csrf token i tried everything and it still doesn't work could u pls help me😊
Why is the CSRF token generated previously of login? I mean I thought, it's not necessary that the user have any ID if he doesn't identify, doesn't it?
I don't get how you can build an API... Where you're using postman or similar. You're not coming from a server, just a desktop app .. what does the server/VM running the API think the referer is? There's no website making the request... Just an app. Really confuses me
not a good idea to store auth tokens in localstorage - mostly because js can reach it. andmost of your js is not really *your* js will explain more in a future video
Hey, first of all - thank you for this amazing video as well as all the others. I always find real value in almost every one of them. However, I wanted to ask, whether it would be possible to expand upon this video when adding the `remember_me` functionality into the mix. A couple of times I've stumbled upon an issue, where the session expires, but the user is still authenticated because of the remember me cookie, so then if you do a POST request (for example) it results in 419 while GET requests are working. But that's just an idea/suggestion. Thanks again for the incredible content and I am really looking forward to your Masteringauth course.
This is by far the best explanation of this process I’ve heard! Thank you for taking the time to make things clear and as simple as possible! I’ve been using Laravel for about 5 years now but I still always get stuck on implementing auth as it’s not something I do very often!
I wonder if you could make a video on how to implement sanctum auth with a framework like Sveltekit. I am interested in how you would implement this when there is also another server in between Laravel and the client. There is not much info on this elsewhere on the internet!
Edit: I found your video on Nuxt + Laravel so I am going to take a look at that 😊
Omg what an explanation dude... Always Small Channel makes good content and step by step.. Thank you... Try to Understand this technical words long time ago. U got a new sub. Thx again
This is VERY good! I really think Laravel should have explanations on this topic in their own documentation. Very well done!
couldn't have been explained in a better way
You explain it so perfectly!
A pretty good video, thanks a lot!
I'd really like to see how to implement this in code, so I'll very thankful if you will.
What is the purpose of a pre-flight request? Can't we get all the allow headers from the CSRF token request and then just send the login request? To me it seems like an extra API call that we could do without. Am I missing something?
Fantastic explanation! Great job.
Great explanation!
yes. it is useful. thanks a lot
You cover SPA. Fantastic. Will you cover Mobile Auth also? Especially Bearer Token for example react native or cordova apps? Thanks
this was an amazing explanation
I want to know that we will put route /login in web.php, after authenticated and get access token, all api link i request with different methods can re-use authenticated session?
thanks for the vedio very helpful
I'm stuck with mine. After setting cookie and session the app login works fine. However once a refresh and try to check with api if the user is still login in the back end it Auth::check facade it returns null. Should it not return the user ?
Are you still looking for help? I just figured out how to implement the login flow myself after hours of debugging.
Amazing explanation
Hey bro , im working on a laravel project with nextjs , i tried login and it worked and also user is working but when i try logout it respond with 419 error mismatch csrf token i tried everything and it still doesn't work could u pls help me😊
is the csrf gets re produce if csrf match?
maximum security right? but the user's passwod is just 123456 😬
Thanks a lot.
Why is the CSRF token generated previously of login? I mean I thought, it's not necessary that the user have any ID if he doesn't identify, doesn't it?
the token is associated to the session id. and every visitor, logged in or not, has one
@@cdruc Thanks for answer, Your content is pretty good. I hope your channel grows much more; it deserves it 😋😋
Awesome. thank you
wonderfull !!!
I don't get how you can build an API... Where you're using postman or similar. You're not coming from a server, just a desktop app .. what does the server/VM running the API think the referer is? There's no website making the request... Just an app.
Really confuses me
you add the referer header yourself: Laravel Sanctum and Postman
th-cam.com/video/My61OicxPRo/w-d-xo.html
Is it same the logic when using personal access token?
I separate laravel and vue directory. So I use api token. Put it in localstorage in browser.
not a good idea to store auth tokens in localstorage - mostly because js can reach it. andmost of your js is not really *your* js
will explain more in a future video
Hey, first of all - thank you for this amazing video as well as all the others. I always find real value in almost every one of them.
However, I wanted to ask, whether it would be possible to expand upon this video when adding the `remember_me` functionality into the mix. A couple of times I've stumbled upon an issue, where the session expires, but the user is still authenticated because of the remember me cookie, so then if you do a POST request (for example) it results in 419 while GET requests are working.
But that's just an idea/suggestion. Thanks again for the incredible content and I am really looking forward to your Masteringauth course.
lol, you just guessed my next 2 videos 🤣
1. remember me
2. auto-fetching xsrf cookie
Haha, that is amazing :D Will definitely keep an eye out for those :) Thanks
Just stumbled on your channel. Amazing content! On which social media can we follow you. LinkedIn, Twitter?
Thanks!
I rarely post anything anywhere else, so...youtube! 😀
He also have twitter 😊