| 1 | <?php
|
|---|
| 2 |
|
|---|
| 3 | use Laravel\Sanctum\Sanctum;
|
|---|
| 4 |
|
|---|
| 5 | return [
|
|---|
| 6 |
|
|---|
| 7 | /*
|
|---|
| 8 | |--------------------------------------------------------------------------
|
|---|
| 9 | | Stateful Domains
|
|---|
| 10 | |--------------------------------------------------------------------------
|
|---|
| 11 | |
|
|---|
| 12 | | Requests from the following domains / hosts will receive stateful API
|
|---|
| 13 | | authentication cookies. Typically, these should include your local
|
|---|
| 14 | | and production domains which access your API via a frontend SPA.
|
|---|
| 15 | |
|
|---|
| 16 | */
|
|---|
| 17 |
|
|---|
| 18 | 'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
|
|---|
| 19 | '%s%s',
|
|---|
| 20 | 'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
|
|---|
| 21 | Sanctum::currentApplicationUrlWithPort()
|
|---|
| 22 | ))),
|
|---|
| 23 |
|
|---|
| 24 | /*
|
|---|
| 25 | |--------------------------------------------------------------------------
|
|---|
| 26 | | Sanctum Guards
|
|---|
| 27 | |--------------------------------------------------------------------------
|
|---|
| 28 | |
|
|---|
| 29 | | This array contains the authentication guards that will be checked when
|
|---|
| 30 | | Sanctum is trying to authenticate a request. If none of these guards
|
|---|
| 31 | | are able to authenticate the request, Sanctum will use the bearer
|
|---|
| 32 | | token that's present on an incoming request for authentication.
|
|---|
| 33 | |
|
|---|
| 34 | */
|
|---|
| 35 |
|
|---|
| 36 | 'guard' => ['web'],
|
|---|
| 37 |
|
|---|
| 38 | /*
|
|---|
| 39 | |--------------------------------------------------------------------------
|
|---|
| 40 | | Expiration Minutes
|
|---|
| 41 | |--------------------------------------------------------------------------
|
|---|
| 42 | |
|
|---|
| 43 | | This value controls the number of minutes until an issued token will be
|
|---|
| 44 | | considered expired. This will override any values set in the token's
|
|---|
| 45 | | "expires_at" attribute, but first-party sessions are not affected.
|
|---|
| 46 | |
|
|---|
| 47 | */
|
|---|
| 48 |
|
|---|
| 49 | 'expiration' => null,
|
|---|
| 50 |
|
|---|
| 51 | /*
|
|---|
| 52 | |--------------------------------------------------------------------------
|
|---|
| 53 | | Token Prefix
|
|---|
| 54 | |--------------------------------------------------------------------------
|
|---|
| 55 | |
|
|---|
| 56 | | Sanctum can prefix new tokens in order to take advantage of numerous
|
|---|
| 57 | | security scanning initiatives maintained by open source platforms
|
|---|
| 58 | | that notify developers if they commit tokens into repositories.
|
|---|
| 59 | |
|
|---|
| 60 | | See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
|
|---|
| 61 | |
|
|---|
| 62 | */
|
|---|
| 63 |
|
|---|
| 64 | 'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),
|
|---|
| 65 |
|
|---|
| 66 | /*
|
|---|
| 67 | |--------------------------------------------------------------------------
|
|---|
| 68 | | Sanctum Middleware
|
|---|
| 69 | |--------------------------------------------------------------------------
|
|---|
| 70 | |
|
|---|
| 71 | | When authenticating your first-party SPA with Sanctum you may need to
|
|---|
| 72 | | customize some of the middleware Sanctum uses while processing the
|
|---|
| 73 | | request. You may change the middleware listed below as required.
|
|---|
| 74 | |
|
|---|
| 75 | */
|
|---|
| 76 |
|
|---|
| 77 | 'middleware' => [
|
|---|
| 78 | 'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
|
|---|
| 79 | 'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
|
|---|
| 80 | 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
|
|---|
| 81 | ],
|
|---|
| 82 |
|
|---|
| 83 | ];
|
|---|
