Laravel API Authentication with Fortify and Sanctum - All you need to know | Laravel API Server

16,292 views

Acadea.io


This is a compilation of the series Laravel API Server Ep35-42.
------------
Source code for this lesson:
github.com/acadea/course_lara...
Timestamps:
00:00 L1: Fortify and Authentication: Introduction
07:38 L2: Registration and Password Reset
20:06 L3: Email Verification and Updating User Profile
28:06 L4: 2 Factor Authentication
39:47 L5: Customising Mail Verification
47:54 L6: Customising Authentication
55:28 L7: Laravel Sanctum
01:11:23 L8: Testing Authentication

Comments: 43
@franciscomagalhaes7457 25 days ago
Are you kidding me? How does the internet even work with something like that URI decode so obscurely hidden away on this corner of youtube? If I get this thing working I'm gonna hammer away at the laravel maintainers' patience until they let me add all this to the docs! Thank you very much for taking the time to do this!
@tommyck7185 1 year ago
This video is a salvation to my whole authentication struggle.
@farsidd 2 years ago
A must-watch video for developers who want to build a separate front-end & back-end. Usually I don't comment on YouTube videos, but your video made me comment & appreciate the hard work & effort you put into making this video. Thanks.
@Acadeaio 2 years ago
Thanks for your encouraging words Farhan!
@useruser12363 1 year ago
One of the greatest tutorials I've ever watched! THANK YOU VERY MUCH!
@Acadeaio 1 year ago
You're very welcome!
@arthurservulo 1 year ago
This video lesson was extremely useful and the content is really easy to understand, I will refer it to my colleagues. From one professional to another, my most sincere thanks. 🤝
@phyothiha5612 1 year ago
Crystal clear explanation. Thanks for the effort.
@evmemc 2 years ago
Thank you! It's a very nice guide, I watched it with pleasure!
@jkevinparker 1 year ago
THANK YOU FOR THIS! I created a clean Laravel 9 project to go through your tutorial. I have spent the last 8 or so hours on just your first 30 minutes! :') I am thoroughly documenting and testing along the way, and everything makes so much more sense now. Seriously-THANK YOU! I have been struggling with this part of my project.
@Acadeaio 1 year ago
Glad it helped! Authentication is never easy, took me a while to get there as well with lots of trials and errors
@johnstorm589 1 year ago
Thank you! Excellent content
@lucasatolini1571 2 years ago
Perfect class. You can use axios which automatically includes the X-XSRF-COOKIE in the header of all the following requests. Thank you very much, congratulations.
@Acadeaio 2 years ago
Thanks for the tips! I tried to use the bare-bone methods so we can see what's involved under the hood
@simonarangoherrera409 1 year ago
I'm using axios but it's not including the X-XSRF-COOKIE in the header. Can you show me an example please?
@steven_fox 2 years ago
Excellent video. Since you asked: the "voodoo magic cookie" you mention around 1:03:37 is the cookie that contains your actual session state data because you used the "cookie" SESSION_DRIVER option. If you were to decrypt the value of this cookie, you'd see the data that would normally be stored in a session file, cache system, etc (data like "_token", "_flash", "_previous", etc). In other words, the "livepost_session" cookie value (once decrypted) provides Laravel with your session token. Laravel then looks for a cookie on the request with that name (again, only because you are using the "cookie" session driver), and decrypts the value to get the actual session data. When using an alternate session driver, Laravel uses the same process (decrypting your session cookie to determine the "token"), but will then lookup the actual session data using whichever driver you've selected (cache, file, database, etc). Hope this helps!
@Acadeaio 2 years ago
Thanks for the input! Now that cleared my doubts!
@shygrammer 10 months ago
this is awesome
@user-oc2jv2mt9k 1 month ago
👍👍👍👍👍👍👍
@adnanzaheer2001 29 days ago
Could you please update same with laravel 11.x due to many changes?
@LowVi 1 year ago
After I set up Sanctum, I can't hit the endpoints with Postman anymore?
@weradsaoud2018 2 years ago
I cannot thank you enough for your precious videos. I feel like there is a little mess in authentication in Laravel, and I wish you could clear up some doubts. As I understand it, when a protected HTTP request arrives at the API, it first goes through the Sanctum library to make sure that the request was issued by an authenticated user. And let's assume that the HTTP request contains a bearer token. Then, Sanctum relates this token to the user by inspecting the tokens table in the database. The request will be considered authenticated if the token in the request is a valid token for some user. I want to ask here, is my perspective right? And if it is right, how does Sanctum relate to Laravel guards? And can I make any other object authenticatable by Sanctum, like for example other kinds of users, and should I make a custom guard with a provider related to this other user? How can I relate those other users to the tokens table and tell Sanctum that the tokens in the HTTP request may be for other entities?
@Acadeaio 2 years ago
Your understanding about sanctum verifying the token is correct. Guards are just a way for you to tell laravel how to authorise an incoming request and which table to look for the authenticable entity. You can totally customise the guards used by sanctum in the sanctum.php config file, and of course, creating your own guard provider
@sarkhanrasimoghlu961 2 years ago
Can you make a video about Laravel Scout and Elasticsearch? I want to see what is the right way to add data with relations into Elasticsearch and search in Elastic. Thank you for the great videos. I subscribed to your channel and turned on notifications 👍
@Acadeaio 2 years ago
I'll consider it
@sarkhanrasimoghlu961 2 years ago
@Acadeaio thank you bro. I will wait for it ❤️
@farsidd 2 years ago
If I register the user using the Fortify register route, then Fortify will automatically log the user in at the back-end too, & when I try to log the user in from the Nuxt front-end, Laravel redirects to its back-end home page because the user is already logged in at the back-end side, which throws an error at the front-end side, & due to the failed request the loggedIn state of the nuxt/auth package doesn't change to true. I hope you understand the condition. Any solution for this? What should I do? In short, I am trying to say that I can only make a successful request to the login or register route the first time, or whenever I click on logout or send a logout request to the server, then these login and register routes work perfectly for the first time again.
@andresrico6216 1 year ago
I got undefined status when I requested the register route
@Novica89 1 year ago
I just don't get it... Trying to make requests through Postman and was able to make it work and pre-fetch CSRF token before each request to the local app so it circumvents the CSRF error and I can login by either going to /api/sanctum/token or to a "normal" website login at "/login" URI... However! - When I login through /login I get "unauthenticated" response back after making another GET request through postman to "api/user", which judging by what I saw in your video shouldn't be the case (it should treat this login the same way as it does the "api/sanctum/token" login) ? The only way I can get the "api/user" to not give me "Unauthenticated" error is if I add the bearer token authorization with the request and enter the token I got back when calling "/api/sanctum/token" URI. Or am I missing something here and "api/" route authentication was never supposed to be "compatible" with the Fortify "/login" route authentication and the "cookie based authentication for Sanctum" that you mention in the video is basically just having to send CSRF token along with the bearer token in the headers of any API request made to "api/" routes in the app for extra protection?
@albertdaracan3684 1 year ago
Why do I still get HTML returned even though I set views to false in Fortify?
@reaksmeysunchhay8083 1 year ago
Same problem here
@saeed17 1 year ago
Same here :( anyone figured out the cause?
@sarmadali2352 1 year ago
@saeed17 @Reaksmey Sunchhay Did you guys add the key-value pair Accept => application/json in the header?
@sarmadali2352 1 year ago
@reaksmeysunchhay8083 Add Accept => application/json in the header part of Postman; under the URL you can see the header tab, just before body
@saeed17 1 year ago
@sarmadali2352 Thanks bro, you're a legend! This fixed the issue for me :D
@mountinrose6722 1 year ago
I tried this tutorial, but when registering a new user I got the message Status: 419 unknown status. What happened with my project? Thank you
@Acadeaio 1 year ago
make sure you've included the csrf token in your request
@yvoznyak 10 months ago
Add Accept => application/json in header part of the postman, under the url you can see header tab, just before body - this solved that for me
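An added example (not part of the video or of the comments above) of the bare-bones request setup that this thread and the earlier axios thread discuss: read Laravel's `XSRF-TOKEN` cookie, URI-decode it, and send it as the `X-XSRF-TOKEN` header together with `Accept: application/json`. The helper names and the sample cookie string are constructed for illustration; `livepost_session` is the session cookie name mentioned in the comments.

```javascript
// Hypothetical helpers for illustration; not code from the course repository.

// Return the raw (still percent-encoded) value of one cookie from a
// "name=value; other=value" string such as document.cookie, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Build the headers a stateful (cookie-based) request to Laravel needs.
function buildSanctumHeaders(cookieString) {
  const raw = readCookie(cookieString, 'XSRF-TOKEN');
  if (raw === null) {
    // Without the cookie the server answers 419; GET /sanctum/csrf-cookie first.
    throw new Error('XSRF-TOKEN cookie missing');
  }
  return {
    // Ask for JSON so errors come back as JSON instead of an HTML redirect.
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    // The cookie is percent-encoded (e.g. "=" arrives as "%3D"); the header
    // must carry the decoded value or the CSRF check fails.
    'X-XSRF-TOKEN': decodeURIComponent(raw),
  };
}

// Browser usage (not executed here): credentials: 'include' makes the browser
// attach the session and XSRF cookies on a cross-origin request.
async function postJson(url, body) {
  return fetch(url, {
    method: 'POST',
    credentials: 'include',
    headers: buildSanctumHeaders(document.cookie),
    body: JSON.stringify(body),
  });
}

// Constructed sample cookie string, not captured from a real application.
const SAMPLE_COOKIES = 'livepost_session=abc123; XSRF-TOKEN=eyJpdiI6IkFCQyJ9%3D%3D';
```

axios performs the same cookie-to-header step by default, using the cookie name `XSRF-TOKEN` and the header name `X-XSRF-TOKEN`.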
@davidkostic5933 1 year ago
I have a weird error and any help would be appreciated. I login the user, turn on 2FA by making a POST request to /user/two-factor-authentication. Then I grabbed the recovery codes at GET: /user/two-factor-recovery-codes. So I logged out, logged back in and login response was { "two_factor": false }, even though I turned it on. So I tried to do a two-factor-challenge with a recovery code, but I got a 422 saying "The provided two factor recovery code was invalid." P.S. Great video, you explained this topic really well.
@Acadeaio 1 year ago
hmm a bit tricky to debug without seeing the code. But what I can say is the recovery codes reset whenever you used a code to login.
@davidkostic5933 1 year ago
@Acadeaio thanks for the reply. I think I may have realized the problem. I did some more reading, and 2FA needs to be confirmed by typing in the code from the authenticator app. Since I was making an API, I didn't have access to the SVG in a browser. I still haven't confirmed this but I am quite positive this is the problem