F
Filament2d ago
Dev

CSRF Mismatch

I'm trying to setup connected login with Sanctum / Next.js Currently This is my setup 
User.php
class User extends Authenticatable
{
    use HasApiTokens;
    protected $fillable = [
        'name',
        'email',
        'password',
        'avatar_url',
        'total_points',
        'last_played_at'
    ];
User.php
class User extends Authenticatable
{
    use HasApiTokens;
    protected $fillable = [
        'name',
        'email',
        'password',
        'avatar_url',
        'total_points',
        'last_played_at'
    ];
http://127.0.0.1:8000/login
http://127.0.0.1:8000/login
{ "email": "[email protected]", "password": "password" } 
```php

AuthController.php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use App\Models\User;

class AuthController extends Controller
{
    public function login(Request $request)
{
    $request->validate([
        'email' => 'required|email',
        'password' => 'required',
    ]);

    if (!Auth::attempt($request->only('email', 'password'))) {
        return response()->json([
            'message' => 'Invalid credentials'
        ], 401);
    }

    return response()->json([
        'token' => $request->user()->createToken('auth_token')->plainTextToken,
        'user' => $request->user()
    ]);
}

    public function logout(Request $request)
    {
        $request->user()->currentAccessToken()->delete();

        return response()->json([
            'message' => 'Logged out successfully'
        ]);
    }
}
```php

AuthController.php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use App\Models\User;

class AuthController extends Controller
{
    public function login(Request $request)
{
    $request->validate([
        'email' => 'required|email',
        'password' => 'required',
    ]);

    if (!Auth::attempt($request->only('email', 'password'))) {
        return response()->json([
            'message' => 'Invalid credentials'
        ], 401);
    }

    return response()->json([
        'token' => $request->user()->createToken('auth_token')->plainTextToken,
        'user' => $request->user()
    ]);
}

    public function logout(Request $request)
    {
        $request->user()->currentAccessToken()->delete();

        return response()->json([
            'message' => 'Logged out successfully'
        ]);
    }
}
web.php 
<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;

// Public routes
Route::post('/login', [AuthController::class, 'login']);

// Protected routes
Route::middleware('auth:sanctum')->group(function () {
    Route::post('/logout', [AuthController::class, 'logout']);
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});
web.php 
<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;

// Public routes
Route::post('/login', [AuthController::class, 'login']);

// Protected routes
Route::middleware('auth:sanctum')->group(function () {
    Route::post('/logout', [AuthController::class, 'logout']);
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});
Response: 
{
  "message": "CSRF token mismatch.",
  "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
  "file": "C:\\Users\\User\\Desktop\\Trivia\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
  "line": 644,
  "trace": [
    {
      "file": "C:\\Users\\User\\Desktop\\Trivia\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
      "line": 587,
      "function": "prepareException",
      "class": "Illuminate\\Foundation\\Exceptions\\Handler",
      "type": "->"
    },
{
  "message": "CSRF token mismatch.",
  "exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
  "file": "C:\\Users\\User\\Desktop\\Trivia\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
  "line": 644,
  "trace": [
    {
      "file": "C:\\Users\\User\\Desktop\\Trivia\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
      "line": 587,
      "function": "prepareException",
      "class": "Illuminate\\Foundation\\Exceptions\\Handler",
      "type": "->"
    },
3 Replies
Dev
DevOP2d ago
Note im trying to send the requests from bruno, im trying to figure out why exactly am i facing this problem
toeknee
toeknee2d ago
That's because the is a CSRF token mismatch. You likely haven't provided a CSRF token in the login request with nextJs.
toeknee
toeknee2d ago
See the last post here: https://stackoverflow.com/questions/74170224/how-to-get-laravel-csrf-value-in-nextjs
Stack Overflow
How to get Laravel CSRF value in NEXTJS
I have a Next JS frontend and Laravel 9 as backend. Created APIs and tested them on the postman. All of the API's working fine without any issues. The Problem So I have created a Nextjs file with a...

Did you find this page helpful?