If you're looking to level up your Laravel skills? My new course "Mastering Laravel 10 Query Builder, Eloquent & Relationships" is the perfect opportunity: www.udemy.com/course/mastering-laravel-10-query-builder-eloquent-relationships/?referralCode=C784C3DB5B8925207FCB
This crash course not only explained the basics of using Sanctum but also included a ton of valuable information about configuring APIs, using ResourceControllers, implementing custom requests, and so much more. Very well done!
When declaring resource routes that will be consumed by APIs, you will commonly want to exclude routes that present HTML templates such as create and edit. For convenience, you may use the apiResource method to automatically exclude these two routes. Like this: Route::apiResource('tasks', TasksController::class);
Before I even finish this video let me say that your are an amazing professor. That tutorial is so fluent , explaining patiently concepts I was hardly trying to understand. Thank you very much from Burkina Faso.
thank you so much man, I've been working as a full-stack developer for a long time, and i didn't know some of that stuffs in laravel. push forward bro. greate video!
you are a lifesavour . I loved you content when I was still learning a year ago and I am even more thankful that you posted this video now that I got a job and I am asked to make an API. your methods are light years ahead of my put together garbage API . thank you good sir
Thank you so much Abderraham! Tried my best making it easy for you. I've also got a video where I create a property listing API, might be useful for you too :)
Very well explained with details, common mistakes and coding things step by step so we are not saturated. One of the best teacher i've watched so far. Thanks a lot for this tutorial
Hi Dary, very good video. Just one small suggestion: pause for a second or two before you switch screen or program, so that your viewers get a chance to pause. Also, there is a small problem with the cli when the screen is paused, as YT's control overlaps on the last line, which happens to be what you are typing. So maybe using a ssh client to connect locally?
Great video! Thanks 👊 When validating a form request you actually don't need to call request->all() inside the validated() method. It doesn't need it. The validated method returns an array with the validated fields.
how you used auth->attempt() to verify the credentials and in the same time generate a token, that's not a good practise because the auth()->attempt apply the seesion based authentication so the server is created a session on it after using this method
The auth()->attempt() method is used to verify the credentials and log in the user. However, it does not generate a token directly. Instead, after successfully logging in the user, the code creates a token using $user->createToken('API Token')->plainTextToken.
@@codewithdary Yes, I mean after a successful attempt to log in user using the auth()->attempt() method the server creates a session for this user and sends it back to the browser, and no benefits from using the token-based authentication because as I know that among need for the token is to make the server more free in memory
If there is anything that i want to complain about in this tutorial, you need to show us every namespace that you used inside your controller. not all of us who are trying to learn laravel knows how to automatically add them whenever you used a class that isnt inside of the controller originally. It confused the heck out of me. 6/10. man do what i just said and it will be instant 9/10. cuz its such bummer to suddenly getting an error when i literally do everything you did step by step.
Namespaces are something you should learn in PHP, and not so much in Laravel. Let alone starting with Laravel Sanctum, which you shouldn't learn if you have no idea how namespaces work. I understand your concern, but I can't explain every single step over and over again, overwise people will start complaining about me repeating myself :) A part of being a developer is also making decisions on your own. You shouldn't just follow the tutor and expect to be a developer after a certain amount of hours.
Thanks for the tutorial… I’m stucked here. I kept getting error (Error, class “Task” not found) when I tried to use tinker to generate task . Any assistance will be welcomed. Thanks
This happens sometimes when composer has not loaded the classes correctly. The simplest solution is to add the entire path to it such as App\Models\Task
I get an error message in the postman SQLSTATE [42S22] column not found when i test login with a user who is not in the database, what could be the issue?
Why don't you use auth()->user() to get the current user instead of User::where('email',.....) after the Attempt? If the Attempt succeeds doesn't it mean that the auth() helper can be used as well?
Looking at the code right now I do believe that you are right. The code I added isn’t necessarily wrong, but using auth()→user() is cleaner. use auth()->user(). If you need to retrieve user information based on a given condition, use User::where().
It was very very useful. Thanks a lot to Mr. dary ❤for creating tutorial contents. Your tutorials are the best! I'm from iran country. I like next tutorial was be about the role based API and custom middleware. I look forward to your next tutorials.
Ensure that the Task model file is autoloaded properly by checking your composer.json file. This can be done by running the following command: composer dump-autoload.
Thank you @codewithdary . Your video tutorial is very helpful and easy to learn. Which packages or feature of a Laravel should we learn more to make a complete app for backend API. like like for sending emails, que jobs, uploading files..
If I’m correct, because It has been a while, I used the trait to determine the type of message that should be returned and the API resource to specify how the data should be returned.
Great job Dary. But I forgot how to deal with this ""The PATCH method is not supported for this route. Supported methods: GET, HEAD, POST."," resource controller can not be used?
@@codewithdary timing 1:09:26 error "message": "The PATCH method is not supported for route api/tasks. Supported methods: GET, HEAD, POST.", "exception": "Symfony\\Component\\HttpKernel\\Exception\\MethodNotAllowedHttpException", Please advise how to fix this error
@@АлександрФефилов-х4т The patch method is used to update a resource, but you are trying to perform it on either retrieving or persisting a post. The endpoint for patch should be api/tasks/{id}
Thanks for clearing me sanctum because many ppls says its for beginners .. Else i ve another question am starting deving some apps with laravel without using any packages like sanctum or passport for auth, are they not secured 🤔 do tou recommend to use sanctum .. already setup auth for *not small projects thank you
Glad I could help! Well I can’t say whether a custom auth system is secured or not without seeing it but you have to keep a lot of factors into consideration which are happening behind the scenes. I’m personally a fan of sanctum because of its simplicity, so I would recommend it (or Laravel passport for oauth2.0)
It was great, but one question When we don't use the api of Laravel, the functionality of the register and login functions are implemented by Laravel. Is there no such api here?
That happens when the factory class is not being autoloaded correctly. You could add the path to the file right in front of the model: such as App\Models\Task and then it works :)
Noice video Dary we need more videos about auth with api for SPA front-end, and I have a question about authentication for a project. I'm confused about whether to use cookie or token-based API authentication. Which one do you suggest and which one is more secure? especially for SPA front-end
Hi Muhammed! It's difficult to judge without knowing the project's background. However, token-based authentication is useful for storing data on the client-side, while cookie-based authentication is suitable for storing less secure data, as cookies can be vulnerable.
Small mistake in LoginUserRequest ? I think you referred to the 'email' rule as meaning it comes from the 'email' column. Actually validates that it is a properly formed email address. Also what is the need for 'string' rule if we are making sure it is a valid email? And for the password, Password::default() used in the register request rules has min:8 by default where we used min:6 in our login request. I just used Password::default() in both requests to make sure the rules match. Otherwise excellent course so far. I'm learning a lot and looking forward to moving to your authentication videos next
I have a question Why did you created Token at the time of User registration ?? We are creating a token in login and if a user register then he will definitely going to do login
It's an educational tutorial, I can't just show users to register and end up with the video. Most apps have login/register. It's up to the viewers how they are going to implement it inside their working app :)
This works great locally, but as soon as I push to a remote dev site any request sent with the received Bearer token says "Unauthenticated". Anyone have any suggestions?
You should check that the middleware is being properly applied to all relevant routes in your application, and that there are no syntax errors or other issues with your middleware code.
Awesome video thanks 👍 Please add more videos about API other methods like email confirmation, password reset, OTP confirmation for mobile .... Thanks again for the tutorial
HI Dary, I don't know what I did wrong in the 32min here 'password' => ['required', 'confirmed', Rules\Password::defaults()]. it was highlighting Rules\Password and was saying undefined type, I wouldn't know what I supposed to put in the name space on top.
This tutorial is the best I have ever seen for laravel API. I was wondering, what visual studio code extension do you use to automatically pull in newly created controllers to the route file
Hi Dary, thanks for the good works. I am using VS code on windows, when you wanted to test your login in the 18mins of the video you typed laravel_sanctum.test/api/login. please, where is .test from? I have been trying and trying and keep getting errors on my postman? you also said we can use PHP artisan serve, I tried it in Postman it doesn't work?
I can't run schedulte auto expires token in my test project . Can you explaining more and check and deepdown with topic expires datetime how it real work right ? If your explain , Ser ' I appreciate that.
Great video again, love Your work. Just a question, can we use policies for sanctum API? feels like it should work and in this example it fits perfectly
Hey awesome video, I would just like to ask about that isNotAuthorised function that we created. Is there a reason it needs to be private ? And i mean i get that it is the right way but when it was created inside of the controller class shouldn't all other functions in that class be able to use that function ? I ask because i thought i will be able to replace the if statement in the update function and use the function not to have any redundant code but aparently the function update doesn't know the isNotAuthorised function. Why is that ? And if this doesn't work this way, how come the weird Ternary operator thingie could access the function ?
First of all, thank you for your kind words. When I created the TasksController, I intended to use the isNotAuthorized method only within the controller itself and not in other classes. If you want to use the isNotAuthorized method in other classes, I suggest placing it inside the User Model where you can access it through auth()->user()->isNotAuthorized in any controller. Regarding your comment about the update method not knowing the isNotAuthorized function, I'm not sure what you mean. Could you please clarify?
@@codewithdary Oh hello, thank you for your quick answer. You are great. Oh I am sorry I wrote that comment at like 4 am and o was confused. I already figured it out. I simply forgot that I have to use $this-> in front of the function in order to use this. And after I did I forgot that I also have to return the output of the function so I thought the update controller is just ignoring it. It works now when I put it into a classic if statement there. I never intended to use it in another class, sorry for the confusion. Now I am just thinking how to change the function so it doesn't need to be called twice. Once for the if statement and once to return the error.
Hello teacher, how are you? I'm having problems with the Class Validator while trying to register a user: { "message": "Method Illuminate\\Validation\\Validator::validateAndrade does not exist." } I've searched on stackoverflow and other forums but I haven't had success. I tried to include the Class Validator, but I didn't succeed either. And again, thank you for taking your precious time to create this instructional-rich video.
I got the same error. But I find that I typo in AuthController.php. incorrect : $request->validate($request->all()); correct : $request->validated($request->all()); I hope this will help you from Japan. And super thank you, Dary!!
Something that bothers me is that on the update method you are giving the user the chance to update any field. I would instead do "$task->update($request->only(['name', 'description', 'priority']));"
I'm happy you saw that. Honestly don't really have a reason why I used it inside the AuthController and not inside of the TasksController. Just a mistake on my part.
Thanks for the great tutorial, Can we validate the auth check in validation class, why we need a separate function in controller?, How to validate the type hinted model in form request class?
It has been installed by default now yes, but I always try to show users that ou could install it manually if needed. I should've mentioned that it's optional though!
This is a nice work and it helped me to improve my sanctum integration and few shortcuts. I am also listing out all users to list without login by any user how can I prevent that API from public access?
Great video Dary! I have a regular Laravel / Blade app and was thinking of dropping a small SPA into one of my pages. Is it possible to make authenticated API calls from that SPA using Sanctum, even though the user logged in via the normal Blade login page (session auth)? I’d prefer to use Sanctum’s session authentication for security. The SPA is on the same domain as the API.
I don't really see the point of using an API is you want to use it within the same project, unless you want to fetch data to other apps as well. Usually, you create a backend API and use it within a JS Framework.
@@codewithdary So basically, we're replacing one section of a large legacy app with a Vue SPA for better UI/UX. It'll need to consume the API to work. I figure there must be a way to do it since Sanctum supports session auth for SPAs. But I can't find any examples or info. The page with the SPA will be /my-account and the api is at /api. So they're both on the same domain. The API will be used for a mobile app in the future so we'll be creating it anyway. Our Vue dev is an experienced frontend dev and doesn't want to use Inertia.
YOU CAN FIND ME ON TWO NEW PLATFORMS. 🔥TikTok: www.tiktok.com/@codewithdary 🔥Blog: blog.codewithdary.com/ AND ON 🔥Instagram: instagram.com/codewithdary/ 🔥Twitter: twitter.com/codewithdary
Great content, Dary. Thank you!! Just wanted to add that I had some issues on the authentication, always getting Unauthorized back, even using traits.. But my issue was that I was using Breeze as starter kit, so I had to start a new project to make it work properly. It does now, I just don't understand why we create a token on register and a new one on login? Can you explain, please?
Laravel breeze -api uses sanctum all you need to do is get csrf before try to login etc and then it will refresh the csrf with every authenticated request
If you're looking to level up your Laravel skills? My new course "Mastering Laravel 10 Query Builder, Eloquent & Relationships" is the perfect opportunity: www.udemy.com/course/mastering-laravel-10-query-builder-eloquent-relationships/?referralCode=C784C3DB5B8925207FCB
and i want to say that the video was perfect for me as a beginner in apis
This crash course not only explained the basics of using Sanctum but also included a ton of valuable information about configuring APIs, using ResourceControllers, implementing custom requests, and so much more. Very well done!
Thank you so much, I appreciate your kind words Josh!
Man, you have a real talent for explaining complex topics so that they seem very simple
Thank you so much, Volodymyr!
When declaring resource routes that will be consumed by APIs, you will commonly want to exclude routes that present HTML templates such as create and edit. For convenience, you may use the apiResource method to automatically exclude these two routes. Like this: Route::apiResource('tasks', TasksController::class);
Wait I didn’t do that in this tutorial! I’m ashamed! you are completely right.
Before I even finish this video let me say that your are an amazing professor. That tutorial is so fluent , explaining patiently concepts I was hardly trying to understand. Thank you very much from Burkina Faso.
thank you so much man, I've been working as a full-stack developer for a long time, and i didn't know some of that stuffs in laravel. push forward bro. greate video!
Wow, I'm happy that I could help!!
you are a lifesavour . I loved you content when I was still learning a year ago and I am even more thankful that you posted this video now that I got a job and I am asked to make an API. your methods are light years ahead of my put together garbage API . thank you good sir
Thank you so much Abderraham! Tried my best making it easy for you. I've also got a video where I create a property listing API, might be useful for you too :)
I love your tutorials; clear and in-depth. This is the latest and the best. Many thanks.
Thank you so much Chuks!
I loved this! Thank you for making this.
Thank you for your kind words!!
What!! I have successfully gone through this entire tutorial. Was very helpful.
Very well explained with details, common mistakes and coding things step by step so we are not saturated. One of the best teacher i've watched so far. Thanks a lot for this tutorial
Wow, your comment just made my day. Thank you so much :)
Best Laravel video with great explanations I have seen on RUclips.. Thank you sooo much for this video
Best video on Laravel Sanctum ever!!
Wow, thank you
It was a good-quality video. Thanks a lot, Dary!
Glad you liked it, Zoltan!
You are wrapping your credentials array in an extra array. Remove the extra array wrap in line 21 at 37:58
This actually solved my error! Thanks!
thank you.
Wow, wonderful tutorial, Dary. Thank you so much.
Happy to help! :)
Hi Dary, very good video. Just one small suggestion: pause for a second or two before you switch screen or program, so that your viewers get a chance to pause. Also, there is a small problem with the cli when the screen is paused, as YT's control overlaps on the last line, which happens to be what you are typing. So maybe using a ssh client to connect locally?
Thank you for the feedback, it is truly appreciated! I will definitely implement your feedback.
Hi @Dary can you kindly guide on routing 17:13 / 1:20:42 it says Target class [AuthController] does not exist. / tried the get too
You most likely haven't added the AuthController inside the use statement (at the top) but tried to call it in the route!
Great video! Thanks 👊
When validating a form request you actually don't need to call request->all() inside the validated() method. It doesn't need it. The validated method returns an array with the validated fields.
That is correct! Don't know why I did that....
how you used auth->attempt() to verify the credentials and in the same time generate a token, that's not a good practise because the auth()->attempt apply the seesion based authentication so the server is created a session on it after using this method
The auth()->attempt() method is used to verify the credentials and log in the user. However, it does not generate a token directly. Instead, after successfully logging in the user, the code creates a token using $user->createToken('API Token')->plainTextToken.
@@codewithdary Yes, I mean after a successful attempt to log in user using the auth()->attempt() method the server creates a session for this user and sends it back to the browser, and no benefits from using the token-based authentication because as I know that among need for the token is to make the server more free in memory
If there is anything that i want to complain about in this tutorial, you need to show us every namespace that you used inside your controller. not all of us who are trying to learn laravel knows how to automatically add them whenever you used a class that isnt inside of the controller originally. It confused the heck out of me. 6/10. man do what i just said and it will be instant 9/10. cuz its such bummer to suddenly getting an error when i literally do everything you did step by step.
Namespaces are something you should learn in PHP, and not so much in Laravel. Let alone starting with Laravel Sanctum, which you shouldn't learn if you have no idea how namespaces work. I understand your concern, but I can't explain every single step over and over again, overwise people will start complaining about me repeating myself :)
A part of being a developer is also making decisions on your own. You shouldn't just follow the tutor and expect to be a developer after a certain amount of hours.
Thanks for the tutorial… I’m stucked here. I kept getting error (Error, class “Task” not found) when I tried to use tinker to generate task . Any assistance will be welcomed. Thanks
This happens sometimes when composer has not loaded the classes correctly. The simplest solution is to add the entire path to it such as App\Models\Task
I get an error message in the postman SQLSTATE [42S22] column not found when i test login with a user who is not in the database, what could be the issue?
Hay Felix, try "if(!Auth::attempt($request->only('email','password'))) {" instead of "if(!Auth::attempt([$request->only('email','password')])) {"
@@ChBoss-fc2yj Thanks I'm always forgetting you can hover or ctrl+click on functions to see their definitions. It already returns an array 🙂
@@ChBoss-fc2yj GREAT THANKS! you saved my day, is that square bracket a laravel 9 or 10 thing?
Fantastic Tutorial Dary. I am a newbie to laravel and your videos are just fantastic. Thank you
Thank you so much Harsh, truly appreciate your kind words.
39:52 is the first argument of createToken method (i mean name here) somehow credential and affects generated token value or it doesnt matter at all?
Why don't you use auth()->user() to get the current user instead of User::where('email',.....) after the Attempt? If the Attempt succeeds doesn't it mean that the auth() helper can be used as well?
Looking at the code right now I do believe that you are right. The code I added isn’t necessarily wrong, but using auth()→user() is cleaner. use auth()->user(). If you need to retrieve user information based on a given condition, use User::where().
hi sir,
while using command line please make sure to write at top or middle , on bottom it gets hide byy youtube texts.
Thank you Dary 😍
I learned a lot from this video ❤
I'm so happy that you dod Mohamed! :)
Hi,
the expires_at value is still null after setting up the scheduler. As. I can see yours too. Any idea why?
It was very very useful. Thanks a lot to Mr. dary ❤for creating tutorial contents. Your tutorials are the best! I'm from iran country. I like next tutorial was be about the role based API and custom middleware. I look forward to your next tutorials.
Thank you so much Mohammad, I try to do my best for you :)
Task::factory()->times(2)->create();
Error Class "Task" not found.
showing this error. Can you help me
Ensure that the Task model file is autoloaded properly by checking your composer.json file. This can be done by running the following command: composer dump-autoload.
Amazing tutorial. Extremely clear and useful. Thanks a lot!
Glad you enjoyed it!
On 27:34 , where did you get that Route/Password::default() method. I cant import it
Add the following use statement at the top of your file: use Illuminate\Validation\Rules;
@@codewithdary the error still does not clear, I am using laravel 9
You're too good. You made it easy
Awesome
Thank you @codewithdary . Your video tutorial is very helpful and easy to learn. Which packages or feature of a Laravel should we learn more to make a complete app for backend API. like like for sending emails, que jobs, uploading files..
You shouldn't really learn packages, because they usually have good docs. You need to level up your Laravel skills to learn APIs!
Question: Why did you use Trait instead of Laravel resources for API?
If I’m correct, because It has been a while, I used the trait to determine the type of message that should be returned and the API resource to specify how the data should be returned.
@codewithdary I guess it needs version 2 of this awesome tutorial 🤗
One thing to ask: why did you not create form requests for all the Task functions ?
Thank you very much. Your Tutorial was very clear and easy to learn. You are awesome!!!
Thank you so much for your kind words, it's truly appreciated!
Thank you. I retired from JS framework hell from now on.
I feel you! Haha :)
Best Course on Sanctum Thanks a lot ,
Do you have Laravel Fortify Course ?
Thank you so much Abrham! I unfortunately don't :(
Great job Dary. But I forgot how to deal with this ""The PATCH method is not supported for this route. Supported methods: GET, HEAD, POST."," resource controller can not be used?
What is the route?
@@codewithdary timing 1:09:26 error "message": "The PATCH method is not supported for route api/tasks. Supported methods: GET, HEAD, POST.",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\MethodNotAllowedHttpException", Please advise how to fix this error
@@АлександрФефилов-х4т The patch method is used to update a resource, but you are trying to perform it on either retrieving or persisting a post. The endpoint for patch should be api/tasks/{id}
@@codewithdary thanks for the help. Inattentively looked, everything worked.
Good staff,,,You are really doing something Amazing. API is my favorite. Make a simple mysql cli tutorial, very short is enough
Thank you Kimeli! Not sure if I be doing that any time soon.
@@codewithdary No worry.Thanks
Thank you sir, this is very clear, simple and informative. One request, would you please add how to handle image in API. Thank you.
Thank you for watching Ruhul. It needs to happen in the same way as "not with APIs"!
Thanks for clearing me sanctum because many ppls says its for beginners ..
Else i ve another question am starting deving some apps with laravel without using any packages like sanctum or passport for auth, are they not secured 🤔 do tou recommend to use sanctum .. already setup auth for *not small projects
thank you
Glad I could help! Well I can’t say whether a custom auth system is secured or not without seeing it but you have to keep a lot of factors into consideration which are happening behind the scenes. I’m personally a fan of sanctum because of its simplicity, so I would recommend it (or Laravel passport for oauth2.0)
It was great, but one question
When we don't use the api of Laravel, the functionality of the register and login functions are implemented by Laravel. Is there no such api here?
Hi day , i made this tutorial three times but after this code : Task::factory()->times(250)->create();
I got : Task class not found !!!?????!
That happens when the factory class is not being autoloaded correctly. You could add the path to the file right in front of the model: such as App\Models\Task and then it works :)
@@codewithdary Could you please make this course for web too ?🎉 Its very easy and dont take your time 🎉
Noice video Dary we need more videos about auth with api for SPA front-end, and I have a question about authentication for a project. I'm confused about whether to use cookie or token-based API authentication. Which one do you suggest and which one is more secure? especially for SPA front-end
Hi Muhammed! It's difficult to judge without knowing the project's background. However, token-based authentication is useful for storing data on the client-side, while cookie-based authentication is suitable for storing less secure data, as cookies can be vulnerable.
tysm, you are so good at explaining subjects like this, appreciate your efforts,
You're very welcome!
this was so amazing and helpful
thanks for this tutorial
Thank you so much Ahmed!
That's magnific your tutorial more clear understand! Thank very much! TOP!
Glad it helped Leonel!
Small mistake in LoginUserRequest ? I think you referred to the 'email' rule as meaning it comes from the 'email' column. Actually validates that it is a properly formed email address. Also what is the need for 'string' rule if we are making sure it is a valid email? And for the password, Password::default() used in the register request rules has min:8 by default where we used min:6 in our login request. I just used Password::default() in both requests to make sure the rules match.
Otherwise excellent course so far. I'm learning a lot and looking forward to moving to your authentication videos next
Thank you Ian! I'm here to learn too ;)
I have a question
Why did you created Token at the time of User registration ??
We are creating a token in login and if a user register then he will definitely going to do login
It's an educational tutorial, I can't just show users to register and end up with the video. Most apps have login/register. It's up to the viewers how they are going to implement it inside their working app :)
This works great locally, but as soon as I push to a remote dev site any request sent with the received Bearer token says "Unauthenticated". Anyone have any suggestions?
Could you try the solution from the following link please?
stackoverflow.com/questions/72801429/why-bearer-token-not-working-on-my-server
i love all your tutorials. hope to learn more from your up coming tutorial, appreciated if there is laravel livewire and alpinejs tutorial.
Great suggestion!
sanctum middleware is protecting only logout route but others no i don't know why please help
You should check that the middleware is being properly applied to all relevant routes in your application, and that there are no syntax errors or other issues with your middleware code.
@@codewithdary solved
Thanks a lot bro. You helped me so much
I'm happy that I could help!
Awesome video thanks 👍
Please add more videos about API other methods like email confirmation, password reset, OTP confirmation for mobile .... Thanks again for the tutorial
Sounds interesting! But the code will pretty much be the same as I’ve build in my other tutorials!
thanks sir you helped a lot to understand the basis of api and how to complex things in simple way
Love to help buddy :)
HI Dary, I don't know what I did wrong in the 32min here 'password' => ['required', 'confirmed', Rules\Password::defaults()]. it was highlighting Rules\Password and was saying undefined type, I wouldn't know what I supposed to put in the name space on top.
Hi, try 'password' => ['required', 'confirmed', Password::defaults()] and use Illuminate\Validation\Rules\Password;
@@patrikhalgas7719, thanks Dary as explained to me in another course.
I faced the same issue.
hope you complete this tutorial by adding an extra section about token abilities and authorization. thanks
The tutorial is very complete, what you want is additions :)
This tutorial is the best I have ever seen for laravel API. I was wondering, what visual studio code extension do you use to automatically pull in newly created controllers to the route file
Thank you so much. ruclips.net/video/KAUxgUvC514/видео.html
Hi Dary, thanks for the good works. I am using VS code on windows, when you wanted to test your login in the 18mins of the video you typed laravel_sanctum.test/api/login. please, where is .test from? I have been trying and trying and keep getting errors on my postman? you also said we can use PHP artisan serve, I tried it in Postman it doesn't work?
I’m using Valet, that’s why I’m able to add the .test. If you don’t use Valet you should use 127.0.0.1:8000.
Nice video! Thank you for your great content, it's clear and easy to understand.
Thank you Chris! Hoped it help you out :)
I can't run schedulte auto expires token in my test project .
Can you explaining more and check and deepdown with topic expires datetime how it real work right ?
If your explain , Ser ' I appreciate that.
Great video again, love Your work. Just a question, can we use policies for sanctum API? feels like it should work and in this example it fits perfectly
Yes you can!
The reason why I didn't use policies is mainly because I nevr covered it in a separate video
Amazing tutorial !
Thank you!
what an amazing video!
Thank you so much!
Hey awesome video, I would just like to ask about that isNotAuthorised function that we created. Is there a reason it needs to be private ? And i mean i get that it is the right way but when it was created inside of the controller class shouldn't all other functions in that class be able to use that function ? I ask because i thought i will be able to replace the if statement in the update function and use the function not to have any redundant code but aparently the function update doesn't know the isNotAuthorised function. Why is that ? And if this doesn't work this way, how come the weird Ternary operator thingie could access the function ?
First of all, thank you for your kind words.
When I created the TasksController, I intended to use the isNotAuthorized method only within the controller itself and not in other classes. If you want to use the isNotAuthorized method in other classes, I suggest placing it inside the User Model where you can access it through auth()->user()->isNotAuthorized in any controller.
Regarding your comment about the update method not knowing the isNotAuthorized function, I'm not sure what you mean. Could you please clarify?
@@codewithdary Oh hello, thank you for your quick answer. You are great. Oh I am sorry I wrote that comment at like 4 am and o was confused. I already figured it out. I simply forgot that I have to use $this-> in front of the function in order to use this. And after I did I forgot that I also have to return the output of the function so I thought the update controller is just ignoring it. It works now when I put it into a classic if statement there. I never intended to use it in another class, sorry for the confusion. Now I am just thinking how to change the function so it doesn't need to be called twice. Once for the if statement and once to return the error.
Great one!
Thank you so much :)
if I want to get all tasks in my database or show the details of a specific task and make all users can do this, how can I implement this ??
The functionality has been build in this tutorial, you shouldn't wrap it inside the middleware if everybody should be able to create tasks.
Thank you very much Dary
You're very welcome!
Hello teacher, how are you?
I'm having problems with the Class Validator while trying to register a user:
{
"message": "Method Illuminate\\Validation\\Validator::validateAndrade does not exist."
}
I've searched on stackoverflow and other forums but I haven't had success. I tried to include the Class Validator, but I didn't succeed either.
And again, thank you for taking your precious time to create this instructional-rich video.
Have you added validateAndrade in your use statement? Other than that I have no idea and it doesn't seem like an error related to this tutorial.
I'm also doing good! What about yourself? :)
I got the same error. But I find that I typo in AuthController.php.
incorrect : $request->validate($request->all());
correct : $request->validated($request->all());
I hope this will help you from Japan.
And super thank you, Dary!!
Thanks ladirevolutionist. I'll try that
@@ladirevolutionist thank you.
Something that bothers me is that on the update method you are giving the user the chance to update any field. I would instead do "$task->update($request->only(['name', 'description', 'priority']));"
I'm happy you saw that. Honestly don't really have a reason why I used it inside the AuthController and not inside of the TasksController. Just a mistake on my part.
getting a jumpscare with the start of each section😂. Very useful tutorial!
Can you please make the frontend of this application with react js
I have to keep my students awake you know :)
Thanks for the great tutorial, Can we validate the auth check in validation class, why we need a separate function in controller?, How to validate the type hinted model in form request class?
your tutorial was very very helpful, thank you so much 👏
Thank you for watching Mahamed!
does laravel 9 or 10 already have sanctum ? is it necessary to install it again? or its just i am wrong?
It has been installed by default now yes, but I always try to show users that ou could install it manually if needed. I should've mentioned that it's optional though!
Thank you very much Sir i saw the video and practice well
Keep it up buddy!
@@codewithdary Sure Sir,
thank you Sir
Thank you very much,
How i can check if Task is exists or no using FunctionName(Task $task)
I recommend you to look into the findorFail method that Laravel offers :)
when I give the tinker command to create task records I get the error that the class was not found, but the model exists called Task
Then you need to add App\Models\ in front of it
Run 'composer dump-autoload' before 'Task::factory()->times(250)->create();'
Thnx for the video, how can we implement roles and permission
Laravel Spatie Roles and Permissions :)
Wonderful Tutorial!
Thank you! Cheers!
This is great, thank you
Thank you for watching Stuart!
This is a nice work and it helped me to improve my sanctum integration and few shortcuts. I am also listing out all users to list without login by any user how can I prevent that API from public access?
Use a middleware!
checking with postman is ok, but it is very difficult sending headers from client side, though the token is sent, 401 response is showing
I understand your frustration but everyone has their own tooling. I personally love using Postman.
Dary u use which extension for auto import?
Here you go: ruclips.net/video/KAUxgUvC514/видео.html&t
Great video Dary! I have a regular Laravel / Blade app and was thinking of dropping a small SPA into one of my pages. Is it possible to make authenticated API calls from that SPA using Sanctum, even though the user logged in via the normal Blade login page (session auth)? I’d prefer to use Sanctum’s session authentication for security. The SPA is on the same domain as the API.
I don't really see the point of using an API is you want to use it within the same project, unless you want to fetch data to other apps as well. Usually, you create a backend API and use it within a JS Framework.
@@codewithdary So basically, we're replacing one section of a large legacy app with a Vue SPA for better UI/UX. It'll need to consume the API to work. I figure there must be a way to do it since Sanctum supports session auth for SPAs. But I can't find any examples or info. The page with the SPA will be /my-account and the api is at /api. So they're both on the same domain.
The API will be used for a mobile app in the future so we'll be creating it anyway. Our Vue dev is an experienced frontend dev and doesn't want to use Inertia.
@@binaryfire did you find the solution?
great tutorial. Thank you!
Thank you Jan
YOU CAN FIND ME ON TWO NEW PLATFORMS.
🔥TikTok: www.tiktok.com/@codewithdary
🔥Blog: blog.codewithdary.com/
AND ON
🔥Instagram: instagram.com/codewithdary/
🔥Twitter: twitter.com/codewithdary
Thanks for this great and clear tutorial! Hoping that you can continue creating tutorial for vue or react consuming the api from this.
Definitely something I'll be doing very soon!
@@codewithdary can't wait 👍
Great content, Dary. Thank you!!
Just wanted to add that I had some issues on the authentication, always getting Unauthorized back, even using traits.. But my issue was that I was using Breeze as starter kit, so I had to start a new project to make it work properly. It does now,
I just don't understand why we create a token on register and a new one on login? Can you explain, please?
Laravel Breeze doesn't use Sanctum! You need to look into that to get more clarification :)
Laravel breeze -api uses sanctum all you need to do is get csrf before try to login etc and then it will refresh the csrf with every authenticated request
thank you very complete tutorial
You are welcome Luis :)
super content. Thanks Dary.
My pleasure John!
Awesome dude, for covering advance topic😁😁
Thank you so much :)
thank you for this tutorial
You're welcome 😊
Pls I am stuck. I couldn't get to make tinker populate my tasks table. It is returning " class Task not found". Pls come to my aid
You should add the namespace in front of the model so App\Models\Task.
Good stuff 👍
How to handle show/destroy methods when passed id is not exist in the database?
thank you Dary for the tutorial it's very rich with informations and best practices , can you please update the repo ?
Thank you so much. What is missing in the repo?
Very good tutorial sir