phendan/yaak-laravel-sanctum-cookie

Laravel Sanctum Cookie - Yaak Plugin

Authenticating a web app against a Laravel API with Sanctum's cookie-based flow starts with a request to the API's CSRF cookie endpoint. The response sets an XSRF-TOKEN cookie (next to the session cookie). Laravel URL-encodes that cookie value, so the token has to be URL-decoded and then sent with each subsequent state-changing request in the custom X-XSRF-TOKEN header, alongside the cookies themselves; a missing, stale, or still-encoded token is answered with a 419 status.

Doing all this manually every time a request is sent is quite involved and time-consuming. To make things simpler, I wrote this little plugin for the Yaak API client which provides a template function to automate the process.

Basic Usage

To use this plugin, proceed as follows:

  1. In Yaak, go to Settings > Plugins, search for Laravel Sanctum Cookie and hit Install.
  2. Create a request to your Laravel API's CSRF Cookie endpoint (/sanctum/csrf-cookie)
  3. Create the request for which you want CSRF protection (e.g. a login request)
  4. Go to the Headers tab of the protected request and add a key named X-XSRF-TOKEN. For the value of the header, start typing laravel_csrf_cookie and select the corresponding function.
  5. Click on the template and select your CSRF Cookie request.

That's it!

The template function will now automatically retrieve the CSRF Cookie, extract the token, and attach it to your request.
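The steps above, carried out by hand, as an added example that is not the plugin's own code: it shows what the template function has to do (find the XSRF-TOKEN cookie in the Set-Cookie headers, URL-decode it, and put the decoded value in X-XSRF-TOKEN while sending the cookies back unchanged). The Set-Cookie headers are constructed samples, and `fakeLaravelCsrfCheck` is a hypothetical, simplified stand-in for Laravel's VerifyCsrfToken middleware so that the flow runs offline, including the 419 you get when the token is sent without decoding.

```javascript
// Added example, not the plugin's own code: the two-step Sanctum CSRF cookie flow done by hand,
// plus a constructed stand-in for the Laravel side so it runs offline.

// Constructed Set-Cookie headers of the kind GET /sanctum/csrf-cookie returns. Laravel URL-encodes
// cookie values, so the "==" at the end of the token arrives as "%3D%3D"; laravel_session is HttpOnly.
const SAMPLE_SET_COOKIE = [
  'XSRF-TOKEN=eyJpdiI6IkFCQyJ9%3D%3D; expires=Mon, 01 Jan 2030 00:00:00 GMT; Max-Age=7200; path=/; samesite=lax',
  'laravel_session=s3ss10nVALUE; expires=Mon, 01 Jan 2030 00:00:00 GMT; Max-Age=7200; path=/; httponly; samesite=lax',
];

// Split one Set-Cookie header into its name, raw (still URL-encoded) value and the HttpOnly flag.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';');
  const eq = pair.indexOf('=');
  return {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    httpOnly: attrs.some((a) => a.trim().toLowerCase() === 'httponly'),
  };
}

// Step 1: find the XSRF-TOKEN cookie and URL-decode it. The decoded value is what the
// X-XSRF-TOKEN header must carry; null means the endpoint did not set the cookie.
function extractXsrfToken(setCookieHeaders) {
  const cookie = setCookieHeaders.map(parseSetCookie).find((c) => c.name === 'XSRF-TOKEN');
  return cookie ? decodeURIComponent(cookie.value) : null;
}

// Step 2: build the headers for the protected request. The cookies go back as received (still
// encoded, as a browser would send them); the session cookie is what ties the token to a session.
function buildProtectedHeaders(setCookieHeaders) {
  const token = extractXsrfToken(setCookieHeaders);
  if (token === null) throw new Error('csrf-cookie response did not set XSRF-TOKEN');
  const cookieHeader = setCookieHeaders
    .map(parseSetCookie)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
  return { Accept: 'application/json', Cookie: cookieHeader, 'X-XSRF-TOKEN': token };
}

// Hypothetical, simplified stand-in for Laravel's VerifyCsrfToken middleware (real Laravel
// decrypts the header and compares it with the session's token; here the cookie value itself
// stands in for the session token). Returns the HTTP status the request would get:
// 200 when the header matches, 419 (Laravel's "Page Expired") when it does not.
function fakeLaravelCsrfCheck(headers) {
  const cookies = Object.fromEntries(
    (headers.Cookie || '').split('; ').filter(Boolean).map((p) => {
      const eq = p.indexOf('=');
      return [p.slice(0, eq), decodeURIComponent(p.slice(eq + 1))]; // PHP urldecodes cookie values
    }),
  );
  if (!cookies.laravel_session || !cookies['XSRF-TOKEN']) return 419;
  return headers['X-XSRF-TOKEN'] === cookies['XSRF-TOKEN'] ? 200 : 419;
}

// The common pitfall: sending the raw cookie value without URL-decoding it first.
function statusWithoutDecoding(setCookieHeaders) {
  const headers = buildProtectedHeaders(setCookieHeaders);
  const raw = setCookieHeaders.map(parseSetCookie).find((c) => c.name === 'XSRF-TOKEN').value;
  return fakeLaravelCsrfCheck({ ...headers, 'X-XSRF-TOKEN': raw });
}

// Demo when run directly.
console.log(extractXsrfToken(SAMPLE_SET_COOKIE)); // eyJpdiI6IkFCQyJ9==
console.log(fakeLaravelCsrfCheck(buildProtectedHeaders(SAMPLE_SET_COOKIE))); // 200
console.log(statusWithoutDecoding(SAMPLE_SET_COOKIE)); // 419
```

The thing to take away from `statusWithoutDecoding` is that the cookie and the header are not the same string: the Cookie header carries the encoded value exactly as it was set, while X-XSRF-TOKEN carries the decoded one, and the plugin exists precisely to do that decoding for you on every request.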

Advanced Usage

Global Variables

If you're using CSRF protection in a lot of places, it might make sense to declare a global variable for the token value so that it's easily configurable. This is possible in Yaak by setting the value of a global environment variable to the result of your template function.

To do this, open up your environment and select "Manage Environments" (or hit CMD+Shift+E). Add a variable (e.g. csrfToken) and set the template function as its value, much like in steps 4 and 5 above. After that, use the environment variable in your request's X-XSRF-TOKEN header in place of the template function.

Central Configuration

If you'd rather not configure the header for each request individually, you can instead define it at the folder level or even for the entire workspace. Note that this currently means the extra request to fetch the CSRF cookie will run for every request in that folder or workspace, even GET requests, which may or may not be what you want: Laravel's CSRF middleware only verifies state-changing methods and skips GET, HEAD and OPTIONS, so for those requests the extra round trip buys nothing.

Further Reading

If you'd like to learn more about the auth flow in Laravel Sanctum and how to avoid common pitfalls, I recommend this excellent write-up on Codecourse. It's using Postman for the walkthrough, but the principles remain the same:

Laravel Sanctum Explainer on Codecourse.com

About

A plugin to simplify working with Laravel Sanctum and CSRF cookies within the Yaak API client