Do you just use Bagisto APIs and are you running with SPA authentication in Laravel Sanctum?
-
Thank you for all your help.
I would like to use Bagisto APIs to communicate with first party APIs and create HeadlessEC.
Do you just use Bagisto APIs and are you running with SPA authentication in Laravel Sanctum?
I need to be sure that it is running with SPA authentication because the Laravel Sanctum documentation states the following.
Note: Do not use API tokens to authenticate your own first-party SPA. Instead, use Sanctum's built-in SPA authenticator.
Version used
- Bagisto v2.1.2
- Bagisto APIs v2.0.0
Note that we have been testing HeadlessEC (GraphQL) with Bagisto 2.1.2 for about a week, asking in the forum whether it can be used with Bagisto 2.1.2, but since it cannot be used, we are not considering using HeadlessEC (GraphQL).
(Thanks for answering that theory.)
-
Hello @tmss
Greetings of the day..!!
Yes, suppose you're integrating Bagisto APIs into a headless e-commerce setup and using Laravel Sanctum for authentication. In that case, you'll want to ensure that you're utilizing Sanctum's built-in SPA authentication for your first-party SPA.
This involves configuring Sanctum to issue tokens to authenticate requests from your SPA. Sanctum provides middleware that you can use to authenticate requests from your SPA using session cookies. This way, you avoid using API tokens for authentication within your SPA.
So, to answer your question, yes, it's advisable to use Laravel Sanctum's built-in SPA authentication mechanism when integrating Bagisto APIs.
Thanks & Regards..!!
-
Thank you for your answer.
Sorry for taking up so much of your time. The Bagisto APIs have the following code in parts:
EnsureFrontendRequestsAreStateful::fromFrontend($request) // In bagisto/app/Http/Kernel.php, EnsureFrontendRequestsAreStateful is commented out, so SPA authentication is not working globally
I'm assuming this makes it work with both API tokens and SPA authentication? I felt that it would.
Also, as far as I can see, SPA authentication is already set up and I don't think there is anything special to do here.
Even if it needs to be configured or modified, we cannot modify bagisto itself or Bagisto APIs.
(We cannot do anything that would cause problems with future updates to the main body or other packages.)
This made me think that Bagisto APIs are designed to have SPA authentication work for APIs that require SPA authentication when they are accessed by first parties.
Am I correct in this perception and can I assume that this is the usage recommended by the Laravel Sanctum?
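To make the per-request decision in the quoted `fromFrontend($request)` call concrete, here is an added Python port of that check (example code, not from this thread, Bagisto or Sanctum): a request is treated as first-party, and therefore eligible for session-cookie authentication, only when its Referer (or, failing that, Origin) matches one of the configured stateful domains; anything else falls through to API-token authentication. The STATEFUL_DOMAINS list is a constructed stand-in for Sanctum's `sanctum.stateful` config.

```python
import re
from typing import Iterable, Mapping, Optional

# Constructed stand-in for config('sanctum.stateful'), i.e. the
# SANCTUM_STATEFUL_DOMAINS env value. Hypothetical values for illustration.
STATEFUL_DOMAINS = ["localhost", "localhost:3000", "127.0.0.1", "*.shop.example"]


def _wildcard_match(patterns: Iterable[str], value: str) -> bool:
    """Laravel Str::is() semantics: '*' matches any run of characters,
    everything else is literal, and the whole value must match."""
    for pattern in patterns:
        regex = "^" + re.escape(pattern).replace(r"\*", ".*") + "$"
        if re.match(regex, value):
            return True
    return False


def from_frontend(headers: Mapping[str, str],
                  stateful: Iterable[str] = STATEFUL_DOMAINS) -> bool:
    """Simplified port of EnsureFrontendRequestsAreStateful::fromFrontend().

    Header names are expected lower-cased. Returns True when the request
    originates from a configured stateful (first-party SPA) domain.
    """
    domain: Optional[str] = headers.get("referer") or headers.get("origin")
    if domain is None:
        return False  # no Referer/Origin: cannot be a browser SPA request
    domain = re.sub(r"^https?://", "", domain, count=1)
    if not domain.endswith("/"):
        domain += "/"  # the trailing slash stops 'localhost.evil.test' matching 'localhost'
    patterns = [d.strip() + "/*" for d in stateful if d]
    return _wildcard_match(patterns, domain)


def guard_for(headers: Mapping[str, str]) -> str:
    """Which Sanctum path the request takes: the session (cookie) guard for
    first-party frontends, the bearer-token guard for everything else."""
    return "web" if from_frontend(headers) else "sanctum"
```

Requests with no Referer/Origin, or from a host that merely starts with a stateful domain name, are not treated as stateful, which is why an SPA served from a domain missing from SANCTUM_STATEFUL_DOMAINS silently ends up on the token path.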