Laravel Auth SPA

This package is an authentication backend implementation for Laravel. Registers the routes and controllers required to implement all Laravel authentication features from a Frontend SPA or SSR, including login, password reset, and more.

• Installation
• Configure
  • Laravel Sanctum
  • Package
• Usage
  • Login
  • Logout
  • Get reset password link
  • Reset password with link
  • Update password for current user logged
• Customize
  • Defining Default Password Rules
• More info

Installation

composer require descom/laravel-auth-spa

Configure

Laravel Sanctum

Run:

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

Add Sanctum's middleware to your api middleware group within your application's app/Http/Kernel.php file:

'api' => [
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    'throttle:api',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],

Configure cors, you need edit the file config/cors.php and change this lines:

    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout', 'password/forget', 'password/reset'],

    /// ...

    'supports_credentials' => true,

In production define this environment variables:

Local:

SANCTUM_STATEFUL_DOMAINS=localhost:3000
SESSION_DOMAIN=localhost

Production for domain 'www.app.tld':

SANCTUM_STATEFUL_DOMAINS=www.app.tld
SESSION_DOMAIN=.app.tld

Package

php artisan vendor:publish --provider="Descom\AuthSpa\AuthSpaServiceProvider" --tag="config"

You can define your frontend in config file config/authspa.php

///
    'frontend' => [
        'url' => env('FRONTEND_URL', 'http://localhost:3000'),

        'reset_password_url' => env('FRONTEND_RESET_PASSWORD_URL', '/login/reset'),
    ],
///

Usage

Login

POST /login

{
    "email": " <email>",
    "password": "<password>"
}

Logout

POST /logout

Get reset password link

POST /password/forgot

{
    "email": " <email>"
}

Reset password with link

POST /password/reset

{
    "token": "<token>",
    "email": " <email>",
    "password": "<password>",
    "password_confirmation": "<password>"
}

Update password for current user logged

PUT /api/user/password

{
    "current_password": "<current_password>",
    "password": "<newpassword>",
    "password_confirmation": "<newpassword>"
}

Get user info

GET /api/user

Nuxt.js

Install Nuxt Auth:

yarn add --exact @nuxtjs/auth-next
yarn add @nuxtjs/axios

And configure file nuxt.config.js:

{
  modules: [
    '@nuxtjs/axios',
    '@nuxtjs/auth-next'
  ],
  auth: {
    strategies: {
      laravelSanctum: {
        provider: 'laravel/sanctum',
        url: process.env.API_URL || 'http://localhost:8000',
      },
    },
  }
}

Customize

Defining Default Password Rules

You may find it convenient to specify the default validation rules for passwords in a single location of your application. You can easily accomplish this using the Password::defaults method, which accepts a closure. The closure given to the defaults method should return the default configuration of the Password rule. Typically, the defaults rule should be called within the boot method of one of your application's service providers:

use Illuminate\Validation\Rules\Password;

/**
 * Bootstrap any application services.
 *
 * @return void
 */
public function boot()
{
    Password::defaults(function () {
        $rule = Password::min(8);

        return $this->app->isProduction()
                    ? $rule->mixedCase()->uncompromised()
                    : $rule;
    });
}

Other rules

More info

• Laravel Sanctum
• Nuxt Auth