aboutsummaryrefslogtreecommitdiff
path: root/config/sanctum.php
diff options
context:
space:
mode:
authorPatrick Spek <p.spek@tyil.nl>2023-06-04 13:19:44 +0200
committerPatrick Spek <p.spek@tyil.nl>2023-06-04 13:19:44 +0200
commitdd66a8e2fbe60c18123dd7245ca68b367367a81c (patch)
tree2e43ccdf89653f8d57beff1cee578498fcd4d851 /config/sanctum.php
Initial commitHEADmaster
Diffstat (limited to 'config/sanctum.php')
-rw-r--r--config/sanctum.php65
1 files changed, 65 insertions, 0 deletions
diff --git a/config/sanctum.php b/config/sanctum.php
new file mode 100644
index 0000000..9281c92
--- /dev/null
+++ b/config/sanctum.php
@@ -0,0 +1,65 @@
+<?php
+
+return [
+
+ /*
+ |--------------------------------------------------------------------------
+ | Stateful Domains
+ |--------------------------------------------------------------------------
+ |
+ | Requests from the following domains / hosts will receive stateful API
+ | authentication cookies. Typically, these should include your local
+ | and production domains which access your API via a frontend SPA.
+ |
+ */
+
+ 'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
+ '%s%s',
+ 'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
+ env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
+ ))),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Sanctum Guards
+ |--------------------------------------------------------------------------
+ |
+ | This array contains the authentication guards that will be checked when
+ | Sanctum is trying to authenticate a request. If none of these guards
+ | are able to authenticate the request, Sanctum will use the bearer
+ | token that's present on an incoming request for authentication.
+ |
+ */
+
+ 'guard' => ['web'],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Expiration Minutes
+ |--------------------------------------------------------------------------
+ |
+ | This value controls the number of minutes until an issued token will be
+ | considered expired. If this value is null, personal access tokens do
+ | not expire. This won't tweak the lifetime of first-party sessions.
+ |
+ */
+
+ 'expiration' => null,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Sanctum Middleware
+ |--------------------------------------------------------------------------
+ |
+ | When authenticating your first-party SPA with Sanctum you may need to
+ | customize some of the middleware Sanctum uses while processing the
+ | request. You may change the middleware listed below as required.
+ |
+ */
+
+ 'middleware' => [
+ 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
+ 'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
+ ],
+
+];