Filament2d ago
Dev

CSRF Mismatch

I'm trying to set up connected login with Sanctum / Next.js. Currently, this is my setup:
User.php
// User model for the Sanctum login flow discussed on this page.
// The listing is truncated: the class's closing brace and any $hidden / $casts
// declarations are not shown.
class User extends Authenticatable
{
// Presumably Laravel\Sanctum\HasApiTokens (the import is not shown); AuthController
// calls createToken() and currentAccessToken() on this model.
use HasApiTokens;
// Attributes that may be set through mass assignment (create(), fill(), update()).
// NOTE(review): any call site that passes unfiltered request input to those methods
// lets the client set every attribute listed here, including 'total_points' and
// 'last_played_at'. No such call is visible on this page; confirm call sites pass
// only validated subsets, or drop server-computed fields from this list.
// NOTE(review): 'password' is mass-assignable; whether it is hashed on assignment
// (e.g. a 'hashed' cast) is not visible in this fragment. Confirm.
// NOTE(review): AuthController returns this model as JSON; confirm 'password' is
// listed in $hidden, which this fragment does not show.
protected $fillable = [
'name',
'email',
'password',
'avatar_url',
'total_points',
'last_played_at'
];
http://127.0.0.1:8000/login
{ "email": "[email protected]", "password": "password" }
```php

AuthController.php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use App\Models\User;

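/**
 * Issues and revokes Sanctum personal access tokens.
 *
 * NOTE(review): login() authenticates through Auth::attempt(), which on a session
 * guard also starts a logged-in session, and then returns a bearer token as well.
 * The two credentials are independent; both are ended in logout().
 */
class AuthController extends Controller
{
    /**
     * Check the submitted e-mail/password and return a new API token plus the user.
     *
     * Responds with HTTP 401 and a generic message when the credentials are rejected,
     * so the response does not reveal whether the e-mail address exists.
     */
    public function login(Request $request)
    {
        // validate() returns only the validated keys, so nothing else from the
        // request body reaches the credential check.
        $credentials = $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        if (!Auth::attempt($credentials)) {
            return response()->json([
                'message' => 'Invalid credentials',
            ], 401);
        }

        // Rotate the session id after a successful login so an id fixed before
        // authentication cannot be reused. hasSession() keeps this safe when the
        // route is served without session middleware (e.g. from an API route file).
        if ($request->hasSession()) {
            $request->session()->regenerate();
        }

        $user = $request->user();

        return response()->json([
            // The plain-text value is only available at creation time. No abilities
            // are passed, so the token gets Sanctum's default (unrestricted) abilities;
            // expiry depends on the Sanctum configuration, which is not shown here.
            'token' => $user->createToken('auth_token')->plainTextToken,
            // NOTE(review): serialises the whole model; confirm sensitive columns
            // are hidden on the User model.
            'user' => $user,
        ]);
    }

    /**
     * Revoke the credential used for this request and end any login session.
     */
    public function logout(Request $request)
    {
        $token = $request->user()->currentAccessToken();

        // A request authenticated by the session cookie instead of a bearer token
        // carries a transient token object that has no delete(); calling it
        // unconditionally would fail with an undefined-method error.
        if ($token !== null && method_exists($token, 'delete')) {
            $token->delete();
        }

        // login() may have started a session through Auth::attempt(); deleting the
        // token alone would leave that session authenticated.
        // Assumes the stock 'web' session guard; adjust if the guard is renamed.
        if ($request->hasSession()) {
            Auth::guard('web')->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        return response()->json([
            'message' => 'Logged out successfully',
        ]);
    }
}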
web.php
<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;

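// Public routes
// NOTE(review): in a stock Laravel app, routes declared in web.php run through the
// "web" middleware group, whose CSRF check is what answers "CSRF token mismatch"
// when a client posts without the token. For cookie-based Sanctum logins the client
// must first obtain the XSRF-TOKEN cookie and send it back; exempting the route from
// CSRF is not the fix for that flow. A purely token-based API belongs in the
// stateless API route file instead.
Route::post('/login', [AuthController::class, 'login'])
    // Rate-limit credential guessing. "5,1" (5 requests per minute) is a constructed
    // sample value; tune it for the application.
    ->middleware('throttle:5,1');

// Protected routes: every route in this group requires a Sanctum-authenticated user.
Route::middleware('auth:sanctum')->group(function () {
    Route::post('/logout', [AuthController::class, 'logout']);

    // Returns the authenticated user model as JSON.
    // NOTE(review): confirm sensitive columns are hidden on the User model.
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});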
Response:
{
"message": "CSRF token mismatch.",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
"file": "C:\\Users\\User\\Desktop\\Trivia\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
"line": 644,
"trace": [
{
"file": "C:\\Users\\User\\Desktop\\Trivia\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
"line": 587,
"function": "prepareException",
"class": "Illuminate\\Foundation\\Exceptions\\Handler",
"type": "->"
},
3 Replies
Dev
DevOP2d ago
Note: I'm trying to send the requests from Bruno, and I'm trying to figure out why exactly I am facing this problem.
toeknee
toeknee2d ago
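That's because there is a CSRF token mismatch. You likely haven't provided a CSRF token in the login request with Next.js. The login route is registered in web.php, so it goes through the web middleware group's CSRF check; the client has to request /sanctum/csrf-cookie first and send the resulting token back in the X-XSRF-TOKEN header.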
toeknee
toeknee2d ago
Stack Overflow
How to get Laravel CSRF value in NEXTJS
I have a Next JS frontend and Laravel 9 as backend. Created APIs and tested them on the postman. All of the API's working fine without any issues. The Problem So I have created a Nextjs file with a...
