Laravel + React,使用Laravel身份验证使用api

我们有一个Laravel项目,其中react作为前端。 基本上反应是在laravel项目中,我们使用 php artisan preset react </ code>来添加它。</ p>

由于此应用程序需要身份验证,我们使用自定义laravel auth来提供 访问用户。 然后,当身份验证正确时,我们会将用户重定向到一个路由,该路由将由react和react路由器进行管理。
laravel Auth不在那里工作,每次请求都没有发送sessión信息。 我试过 身份验证#statless-http-basic-authentication 虽然它解决了问题,但登录时不方便,然后当想要消耗其他资源时显示再次登录的提示。 也不能将api路由更改为Web中间件。</ p>

是否有人知道如何使用正常的laravel身份验证保护laravel API路由</ p>
</ div>



we have a Laravel project with react as the front-end. Basically react is inside the laravel project, we used php artisan preset react to add it.

As this application needs authentication, we used the custom laravel auth to give access to the users. Then when the authentication is correct, we redirect the user to a route that will be managed by react and react router. The problem is that we need to consume our API endpoints from the same app, and those endpoints MUST be protected. The laravel Auth is not working there, the sessión information is not being sent on each request. I’ve tried that although it solves the problem is not convenient to log in and then when want to consume another resource show a prompt to log in again. Also change the api routes to a web middleware is not an option.

Does someone knows how to protect the laravel API routes with the normal laravel authentication


The solution was simple, even that is on the documentation, the necessary steps should be clarified.

We need to:

  1. Add passport composer require laravel/passport
  2. Make the migrations php artisan migrate
  3. Install passport php artisan passport:install

The fourth step is more complex. We need to open our User.php model file. And first we need to import the HasApiTokens and tell the model to use it.

use Laravel\Passport\HasApiTokens;

class User extends Authenticatable


    use HasApiTokens, Notifiable;



Then on our config/auth.php we need to modify the api array and change the driver to passport

'api' => [

    //for API authentication with Passport

    'driver' => 'passport',

    'provider' => 'users',


Then on our app/Http/Kernel.php we need to add a middleware to the $middlewareGroups array in the key web.

protected $middlewareGroups = [

    'web' => [


        //for API authentication with Passport



Now we can use the auth:api middleware on our api routes.

Route::middleware('auth:api')->group( function(){
    ...your routes here

在routes / api.php中定义的路由默认为无状态。 他们不使用会话。</ p>

你必须添加必要的中间件,如 StartSession :: class </ code>和'auth'</ code>,如果你 想要利用经过身份验证的会话。 您可以在路由组中执行此操作,也可以在app / Http / Kernel.php中的 $ middlewareGroups ['api'] </ code>数组中执行此操作。</ p>
</ div>



The routes defined in routes/api.php are, by default, stateless. They do not use sessions.

You must add the necessary middleware, like StartSession::class and 'auth', if you want to take advantage of authenticated sessions. You can do this either in a route group, or in the $middlewareGroups['api'] array in app/Http/Kernel.php.

Csdn user default icon