Laravel Sanctum and Postman

Рет қаралды 12,274

Күн бұрын

Пікірлер: 56

@hnccox Жыл бұрын

I like how you always include the error ways before "fixing" them instead of doing everything "correct" on the first try. It gives a better insight into how and why.

@bigsgm Жыл бұрын

I have watched several videos and all are super awesome. Very very easy to understand! You are great teacher!

@albertmelo 9 ай бұрын

Thanks, amazing video. Helped me a lot, I was trying to make it work through postman so I could understand how it works, and was struggling to make it work for months without success.

@censura1210 9 ай бұрын

I've spent all day dealing with this insanity and this was my salvation. I finally understand how this crap works now. This is how I know angels exist. Thank you!

@anonymous-sy3os Жыл бұрын

Your other videos on Laravel sanctum really helped me. I am so glad to see this too

@mariano.pualiu 8 ай бұрын

These are the kind of hidden gems is really hard to find when understanding the details of authentication

@iapv 4 ай бұрын

Very helpful content. You shared very important info that saves headaches, decoding the CSRF token.

@alisterpereira 2 ай бұрын

Thank you so much, it is an amazing video that helped me with postman on this issue.

@AhmadAhmad-po4nl 17 күн бұрын

Extremely helpful, thanks a lot!!

@pascalraymond8424 Жыл бұрын

Thanks Constantin !Great vidéo again ❤ Please how did you alias the front-end url in production ?

@pascalraymond8424 Жыл бұрын

More context : I added a devServer key in nuxt config : devServer: { host: "client.merchant-app.test", port: 3000 }, I added client.merchant-app.test to C:\Windows\System32\drivers\etc\hosts : localhost client.merchant-app.test but when I start npm run dev I got the following error : Unable to find any random port on host "client.merchant-app.test" Do you know how to resolve this ?

@parallel_53 11 ай бұрын

your videos are great. As I understand things, it appears that in order to use pure token approach (with say a flutter mobile client), as opposed to the cookie approach (for web SPA), i would just need to create my own user login/registration routes, and if there's no plan to have a SPA component, i could just delete the auth.php route file entirely? Or would you try to use the cookie approach when having only a mobile client?

@cdruc 11 ай бұрын

Thanks! And yes, everything you said here is correct. Tokens for mobile apps, cookies for browsers, no need to keep auth.php. However, keep in mind that you will also have to consider the "I forgot my password" flow

@tamash.8683 11 ай бұрын

Thanks, really great video! Just wondering: it is the SPA authentication you showed us in this context, is it also okay (or even better?) to use Sanctum's API Token authentication in this Postman case?

@cdruc 11 ай бұрын

postman is just a testing tool, so you can use it to test both approaches. none is better than the other - cookies for browsers, tokens for everything else

@codecreeper Ай бұрын

Question: Why you call frontend url in pre request script in postman to get cookie, why not call the laravel sanctum/csrf-cookie URL?

@ariefwijaya8065 Жыл бұрын

good video. what about some other POST request?we must get csrf-cookie again?

@cdruc Жыл бұрын

Generally no - there's no need to get the csrf-cookie again

@hnccox Жыл бұрын

@@cdruc When to crsf and when not to csrf ?

@cdruc Жыл бұрын

Great question - might turn it into a video/post! You need to send a csrf token with any non-GET request - so for post/put/patch/delete requests. Generally, all things (forms, buttons, actions) that make those types of request are behind a login/register screen so by the time you reach them, there's already a XSRF-TOKEN cookie in place. Once that cookie is set, it gets updated with every request made to the Laravel API, so there's no need to call the /sanctum/csrf-cookie endpoint again and again. You only need to call it before submitting any public-facing forms. For example: login, register, forgot password, reset password... a contact form anyone can fill in, etc. Hope that answers your question!

@aslammamud6078 Ай бұрын

loved your video man. thanks

@mehdiabderrahmaneyahiaoui4700 2 ай бұрын

Hello! Thanks for the video. I’m having difficulties to do the same for Laravel sanctum with fortify.

@albir 4 ай бұрын

Kudos to you for this useful video! 🙌

@shashikanuwan 8 ай бұрын

Wow, this is truly exceptional.

@kirillbaryba746 Жыл бұрын

Thanks, so much interesting 👍

@shashikanuwan 8 ай бұрын

Is it possible to authenticate in a react native app using laravel breeze API package? Please help me

@cdruc 8 ай бұрын

Yes - use Sanctum token based auth. Store the token using expo SecureStore

@ProkarsGaming 9 ай бұрын

Many Thanks

@afanoktafianto5348 2 ай бұрын

You are my Hero !

@millennia Жыл бұрын

Amazing, thank you!

@KunzHorus 8 ай бұрын

Hi Sir, I am following your tutorial about laravel api. I see that every time a request is made to the server (post, put,..), it will need to include a csrf token. But I see there are many other instructional videos on KZbin, no need to send csrf token when requesting with post method. Can you answer me? Thanks a lot!

@cdruc 8 ай бұрын

hey! all post/put/patch/delete requests require a csrf token - unless the VerifyCsrfMiddleware is disabled. If you send me a video url + timestamp of such video, I can *probably* explain what's different

@vladimir.ffromsellerboard 11 ай бұрын

@cdruc will it work if backend and frontend is on different domains? for example Frontend is on localhost, and backend is on example.test

@cdruc 11 ай бұрын

hey! no - sort of Sanctum relies on cookies. And one domain (example.test) cannot set cookies for a different domain (localhost). So both applications need to be on the same domain (you can still use subdomains). The only way to make it work is by using a proxy. I made a video here: kzbin.info/www/bejne/nXymaKysodGmhqc

@vladimir.ffromsellerboard 11 ай бұрын

thanks a lot@@cdruc

@Szchmausser 8 ай бұрын

Excellent video, thanks!!

@EmersonCarvalho13 10 ай бұрын

Great thx!!!

@Proximity221 Жыл бұрын

im getting pages expired, please help

@christopherlugod9022 11 ай бұрын

Hi @cdruc, I'm having an issue with postman. I didn''t received any cookies when i request on csrf-cookies endpoint it only say "No cookies received from the server". Do you know how to fix it?

@cdruc 11 ай бұрын

That's weird, can you upload a screenshot somewhere with the exact parameters you're sending and the exact response you get back? I've never heard of such "No cookies received from the server" response.

@hajarhimmi2279 10 ай бұрын

maybe you just didn't run the server: php artisan serve

@moshe_code 10 ай бұрын

@@cdruc same issue here. Using Postman v10.22.6

@moshe_code 10 ай бұрын

console.log(err, cookie) null null

@shaneshrestha7654 Жыл бұрын

Could you please provide vscode theme link? Thanks

@cdruc Жыл бұрын

marketplace.visualstudio.com/items?itemName=sdras.night-owl

@Bukosaure 6 ай бұрын

I am completely stuck with the 401 Unauthorized error when trying to access api routes protected with sanctum. I tried everything I could, I just don't understand... I did watch your most recent video (kzbin.info/www/bejne/hWfMk4OCe8t0npI) in hope to solve my problem, but nothing seems to do the trick. The /sanctum/crsf-cookie and /login routes work. It's only the api ones protected by sanctum that are always unauthorized. Do I have to set the port of Postman to :5173? For infos, I am using Laravel 11.

@Bukosaure 6 ай бұрын

Ok so I found the solution in this video : kzbin.info/www/bejne/lZ3JpKmQj7ymjqc. Am I forcing to use the Bearer token because Postman doesn't use the credentials?

@kevinmugiira7517 4 ай бұрын

The provided permissions might be the issue.