To start, I've followed the instructions on setting up Laravel 5.3/Passport from this video. I want users to sign in with their username and passwords using the password_grant and consume the API using their access_token.
So no problem logging in and obtaining tokens. My question surrounds sending the access token back in my requests. I can see the token in the Request Header Cookie and have verified that it is valid. I was under the impression that adding the CreateFreshApiToken middleware would handle token verification but this doesn't seem to be the case. The API routes are protected with the auth:api middleware, just like in the video.
Kernel.php
protected $middlewareGroups = [
'web' => [
...
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class
],
];
In the past I've stored the token in localStorage and added it manually to the request headers but in the video linked above that never happens yet he's able to perform requests which require the access token. Would I still need to add the token to the headers manually? Or am I missing something glaringly obvious?
For what it's worth I'm using AngularJS 1.5.
via circuitBurn
