Nuxt Auth Sanctum
This module provides a simple way to use Laravel Sanctum with Nuxt by leveraging cookies-based authentication. SSR-ready!
Features
useSanctumAuth
composable for easy access to the current user and authentication methods- Automated
CSRF
token header and cookie management - Both
CSR
andSSR
modes support - Pre-configured middleware for pages that require authentication
- Cast current user information to any class you want
- Compatible with default Nuxt
ofetch
client - TypeScript support
Note: Before using this module, please make sure that you have already configured Laravel Sanctum on your backend. You can find more information about Laravel Sanctum here.
Quick Setup
- Add
nuxt-auth-sanctum
dependency to your project
# Using pnpm
pnpm add -D nuxt-auth-sanctum
# Using yarn
yarn add --dev nuxt-auth-sanctum
# Using npm
npm install --save-dev nuxt-auth-sanctum
- Add
nuxt-auth-sanctum
to themodules
section ofnuxt.config.ts
export default defineNuxtConfig({
modules: ['nuxt-auth-sanctum'],
// nuxt-auth-sanctum options (also configurable via environment variables)
sanctum: {
baseUrl: 'http://localhost:80', // Laravel API
origin: 'http://localhost:3000', // Nuxt app
},
});
That's it! You can now use Nuxt Auth Sanctum in your Nuxt app ✨
Usage
In this package you can find the following:
- composables
useSanctumAuth
- provides access to the current user and authentication methodsuseSanctumUser
- provides access to the current useruseSanctumClient
- provides access to theofetch
client with pre-configuredCSRF
token header and cookie management
- middleware
sanctum:auth
- middleware for pages that require authenticated usersanctum:guest
- middleware for pages that require guest user
Composables
useSanctumUser
This composable provides access to the current authenticated user. It supports generic types, so you can get the user as any class you want.
interface MyCustomUser {
id: number;
login: string;
custom_metadata: {
group: string;
role: string;
};
}
const user = useSanctumUser<MyCustomUser>();
If there is no authenticated user, the composable will return null
.
useSanctumAuth
Composable provides 2 computed properties and 2 methods:
user
- current authenticated user (basically the same asuseSanctumUser
)isAuthenticated
- boolean flag indicating whether the user is authenticated or notlogin
- method for logging in the userlogout
- method for logging out the user
To authenticate a user you should pass credentials payload as an argument to the login
method. The payload should contain all fields that are required by your Laravel Sanctum backend.
const { login } = useSanctumAuth();
const userCredentials = {
email: 'user@mail.com',
password: '123123',
};
await login(userCredentials);
If login operation was successful, the user
property will be updated with the current user information returned by the Laravel API.
By default, methods will use the following Laravel endpoints:
/login
to authenticate the user/logout
to log out the user/api/user
to get the current user information/sanctum/csrf-cookie
to get theCSRF
token cookie
To change the default endpoints, please check the Configuration section.
useSanctumClient
All previous composables work on top of the ofetch
client which can be used in your application as well.
The client is pre-configured with CSRF
token header and cookie management.
All requests will be sent to the baseUrl
specified in the Configuration section.
const client = useSanctumClient();
const { data, pending, error, refresh } = await useAsyncData('users', () =>
client('/api/users')
);
Since client
implements $Fetch
interface, you can use it as a regular ofetch
client.
Check examples in the ofetch documentation.
Middleware
sanctum:auth
This middleware checks if the user is authenticated. If not, it will redirect a user to the page specified in the redirect.onAuthOnly
option (default is /login
).
Also, you might want to remember what page the user was trying to access and redirect him back to that page after successful authentication. To do that, just enable the redirect.keepRequestedRoute
option and it will be automatically stored in the URL for later redirect.
If there is no redirect rule the middleware will throw 403
error.
sanctum:guest
This middleware checks if the user is not authenticated. If not, it will redirect a user to the page specified in the redirect.onGuestOnly
option (default is /
).
If there is no redirect rule the middleware will throw 403
error.
Configuration
Here is the full example of the default module configuration:
baseUrl: 'http://localhost:80', // Laravel API
origin: 'http://localhost:3000', // Nuxt app (required for CSRF cookie)
userStateKey: 'sanctum.user.identity', // user state key for Vue `useState` composable
redirectIfAuthenticated: false, // Redirect to onLogin if already authenticated
endpoints: {
csrf: '/sanctum/csrf-cookie', // CSRF cookie endpoint
login: '/login', // Endpoint that accepts user credentials
logout: '/logout', // Endpoint to destroy the current session
user: '/api/user', // Endpoint that return current user information
},
csrf: {
cookie: 'XSRF-TOKEN', // CSRF cookie name
header: 'X-XSRF-TOKEN', // CSRF header name
},
client: {
retry: false, // ofetch retry option (number | false)
},
redirect: {
keepRequestedRoute: false, // Keep requested route in the URL for later redirect
onLogin: '/', // Redirect to this page after successful login
onLogout: '/', // Redirect to this page after successful logout
onAuthOnly: '/login', // Redirect to this page if user is not authenticated
onGuestOnly: '/', // Redirect to this page if user is authenticated
},
You can override any of these options in the nuxt.config.ts
file:
export default defineNuxtConfig({
modules: ['nuxt-auth-sanctum'],
sanctum: {
baseUrl: 'http://localhost:80', // Your Laravel API
origin: 'http://localhost:3000', // Your Nuxt app
redirect: {
onLogin: '/dashboard', // Custom route after successful login
},
},
});
Also, it is possible to override options via environment variables. It might be useful when you want to use .env
file to provide baseUrl
for Laravel API.
export default defineNuxtConfig({
modules: ['nuxt-auth-sanctum'],
runtimeConfig: {
public: {
sanctum: {
baseUrl: 'http://localhost:80',
},
},
},
});
Development
# Install dependencies
yarn install
# Generate type stubs
yarn dev:prepare
# Develop with the playground
yarn dev
# Build the playground
yarn dev:build
# Run Prettier
yarn fmt
# Run ESLint
yarn lint
# Run Vitest
yarn test
yarn test:watch
# Release new version
yarn release