Allow personal access token to be used as password to authenticate user via SPA
sts-ryan-holton opened this issue · comments
Hi,
I'm using Laravel Fortify in my Laravel 10 API project. I have a Nuxt JS front-end. I'd like to be able to create some kind of link that.a user can click on that authenticates the user automatically and logs them in. The /login
endpoint provides all of the functionality that my Nuxt front-end requires, but I was hoping I could, instead of sending the email
and password
, send along a personal access token that then logs the user in via the /login
endpoint?
I can see that adding:
Fortify::authenticateUsing(function ($request) {
Log::debug('authenticateUsing');
$user = User::where('id', 1)->first();
if ($user) {
return $user;
}
});
Does technically return a user, but I need to somehow disable the login validation for that route to allow this to work?
Right now, Fortify unfortunately requires a password and username and it's unlikely we'll change this soon as the LoginRequest is tied to the controller method. A solution would be to do dynamically validation inline in the controller method but I doubt this is a path we want to take.