I read the official documentation of Laravel Jetstream and Sanctum but I still don't understand a few things.
First of all, I secure the endpoint with
Route::get('/endpointtoprotect', [AuthController::class, 'endpointtoprotect'])->middleware('auth:sanctum');
So to use that endpoint I need the token from 'api/login'. I checked that and it's working. But when I put in an incorrect token on purpose, it doesn't work, but instead of returning me a 401, it returns me a 200 to the login page with this code:
<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="csrf-token" content="wwDHIrOCqffknYEmWbOZi8ZQmlCRuCw2SfqdI0C5">
<!-- Fonts -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap">
<!-- Styles -->
<link rel="stylesheet" href="/css/app.css">
<!-- Scripts -->
<script src="/js/app.js" defer></script>
<div class="font-sans text-gray-900 antialiased">
<div class="min-h-screen flex flex-col sm:justify-center items-center pt-6 sm:pt-0 bg-gray-100">
<a href="/">
<svg class="w-16 h-16" viewbox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
d="M11.395 44.428C4.557 40.198 0 32.632 0 24 0 10.745 10.745 0 24 0a23.891 23.891 0 0113.997 4.502c-.2 17.907-11.097 33.245-26.602 39.926z"
fill="#6875F5" />
d="M14.134 45.885A23.914 23.914 0 0024 48c13.255 0 24-10.745 24-24 0-3.516-.756-6.856-2.115-9.866-4.659 15.143-16.608 27.092-31.75 31.751z"
fill="#6875F5" />
<div class="w-full sm:max-w-md mt-6 px-6 py-4 bg-white shadow-md overflow-hidden sm:rounded-lg">
<form method="POST" action="http://localhost:8000/login">
<input type="hidden" name="_token" value="wwDHIrOCqffknYEmWbOZi8ZQmlCRuCw2SfqdI0C5">
<label class="block font-medium text-sm text-gray-700" for="email">
<input class="border-gray-300 focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50 rounded-md shadow-sm block mt-1 w-full" id="email" type="email" name="email" required="required" autofocus="autofocus">
<div class="mt-4">
<label class="block font-medium text-sm text-gray-700" for="password">
<input class="border-gray-300 focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50 rounded-md shadow-sm block mt-1 w-full" id="password" type="password" name="password" required="required" autocomplete="current-password">
<div class="block mt-4">
<label for="remember_me" class="flex items-center">
<input type="checkbox" class="rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" id="remember_me" name="remember">
<span class="ml-2 text-sm text-gray-600">Remember me</span>
<div class="flex items-center justify-end mt-4">
<a class="underline text-sm text-gray-600 hover:text-gray-900"
Forgot your password?
<button type="submit" class="inline-flex items-center px-4 py-2 bg-gray-800 border border-transparent rounded-md font-semibold text-xs text-white uppercase tracking-widest hover:bg-gray-700 active:bg-gray-900 focus:outline-none focus:border-gray-900 focus:ring focus:ring-gray-300 disabled:opacity-25 transition ml-4">
Log in
Does someone have a better tutorial or can explain to me the basics of this Sanctum authorization? It is supposed to be a built-in integrated solution but I don't see any simplicity about this. I'm seeing there is more documentation about JWT tokens, but the functionality may be similar.
When making requests to /api endpoints, include the HTTP header accept: application/json
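
The behaviour described in this answer, written as a Laravel feature test. This is an added example, not code from the question or the answer. It assumes the route is registered in routes/api.php (so it is served at /api/endpointtoprotect) and that a route named login exists, as in a default Jetstream install; the class name and the token value are made up.

```php
<?php

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Hypothetical test class; place it in tests/Feature/ of the application.
class SanctumUnauthenticatedResponseTest extends TestCase
{
    // Sanctum looks the bearer token up in personal_access_tokens,
    // so the test database needs its migrations applied.
    use RefreshDatabase;

    public function test_bad_token_with_json_accept_header_gets_401(): void
    {
        $response = $this->withHeaders([
            'Authorization' => 'Bearer not-a-real-token', // constructed value
            'Accept'        => 'application/json',
        ])->get('/api/endpointtoprotect');

        // With Accept: application/json the framework treats the request as
        // expecting JSON and answers with a 401 body instead of a redirect.
        $response->assertStatus(401)
                 ->assertJson(['message' => 'Unauthenticated.']);
    }

    public function test_bad_token_without_json_accept_header_is_redirected(): void
    {
        $response = $this->withHeaders([
            'Authorization' => 'Bearer not-a-real-token', // constructed value
        ])->get('/api/endpointtoprotect');

        // Without the header the failed authentication becomes a redirect to
        // the login route. An HTTP client that follows redirects then shows
        // the login page HTML with status 200, as seen in the question.
        $response->assertRedirect(route('login'));
    }
}
```

Run it with `php artisan test --filter=SanctumUnauthenticatedResponseTest`.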