
Laravel Jetstream redirects when trying to access an API endpoint


When I try to access an endpoint in my Laravel API, Jetstream redirects to the dashboard page. I am already logged in, and when I go to my endpoint from the dashboard, it goes back to the dashboard. I made my application without Jetstream, then I made a new project and copied my code to it (controllers, models, policies, etc.). I am using Laravel 10 and Jetstream 4. Here is my web.php:

Route::get('/', function () {
    return view('welcome');
});

Route::middleware([
    'auth:sanctum',
    config('jetstream.auth_session'),
    'verified',
])->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    })->name('dashboard');
    
});

api.php (I am trying to get to the assets route)

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

Route::group(['namespace' => '\App\Http\Controllers\Api', 'middleware' => 'auth:sanctum', config('jetstream.auth_session'),
'verified',], function() {
    Route::apiResource('users', UserController::class)->names('users');
    Route::apiResource('assets', AssetController::class)->names('assets');
    Route::apiResource('events', EventController::class)->names('events');

    Route::post('assets/bulk', ['uses' => 'App\Http\Controllers\Api\AssetController@bulkStore']);
});

I added the config('jetstream.auth_session') part because it's used in web.php. It didn't seem to make any difference.

Here is part of the page with the link that I tried to click on (resources/views/navigation-menu.blade.php)

                <!-- Navigation Links -->
                <div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
                    <x-nav-link href="{{ route('dashboard') }}" :active="request()->routeIs('dashboard')">
                        {{ __('Dashboard') }}
                    </x-nav-link>
                </div>
                <div class="hidden space-x-8 sm:-my-px sm:ms-10 sm:flex">
                    <x-nav-link href="{{ route('assets') }}" :active="request()->routeIs('assets')">
                        {{ __('Assets') }}
                    </x-nav-link>
                </div>
            </div>

I don't know what other files are relevant to this issue. I don't have much experience with Laravel, and this is my first time using Jetstream. I read an article about how to redirect to a different route, but I don't want to do that. How do I make it go to my API endpoint without redirecting?

I tried clicking on the "Assets" link in the navigation menu at the dashboard route. I was expecting it to show a blank page, but it just redirected back to the dashboard. I also tried php artisan route:clear and doing Empty Cache and Hard Reload in Chrome, but I got the same result. Here is what the network tab of my developer tools looks like: There's a 302 response on assets and login. The one on login comes from the assets endpoint. There's a 200 on dashboard coming from login.


Solution

  • The middleware in your api.php is not configured correctly. You added config('jetstream.auth_session'), 'verified' as additional items on the array passed into Route::group(), but you needed to add them as items set on the middleware array:

    Route::group(['namespace' => '\App\Http\Controllers\Api', 'middleware' => ['auth:sanctum', config('jetstream.auth_session'), 'verified']], function() {
        //
    });

    Because your auth middleware wasn't defined correctly, when you attempted to visit the assets route, it couldn't determine that you were logged in, so it redirected you to login. However, when you hit the login route, it could determine that you were already logged in, so it redirected you to your dashboard route.

    All that said, I think you might be trying to solve the wrong problem here. Your api routes are just that, routes that are meant to be hit by an api, and accessed via an api token (or some other type of api authentication method). Even if you do correct the middleware definition, I'm not sure that will actually work because the api routes are not set up to know about sessions, so the auth session middleware still won't be able to grant access to the api routes.

    If you need an assets route that is part of your website, it should be defined inside of your web.php routes file. This would give you a web-accessible assets route and an api-accessible assets route. Ideally, these routes would be handled by their own separate controllers. If there is shared logic to handle the route, this shared logic should be extracted and called by each individual controller.
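
The array mistake described in the answer, as an added example that is not part of the original question or answer: plain PHP with no Laravel dependency, assuming that only the entries under the 'middleware' key are applied to the group. The inspectGroupAttributes() helper and the AUTH_SESSION value are hypothetical stand-ins.

```php
<?php
// Added example, runnable with plain PHP (7.4+); no Laravel required.
// AUTH_SESSION is a constructed stand-in for config('jetstream.auth_session').
const AUTH_SESSION = 'jetstream-auth-session-placeholder';

/**
 * Hypothetical helper: split a Route::group() attribute array into the
 * middleware that is actually declared and the positional entries that
 * are not attached to any key.
 */
function inspectGroupAttributes(array $attributes): array
{
    // 'middleware' may be a single string or a list, so normalise to an array.
    $effective = (array) ($attributes['middleware'] ?? []);

    // Items written without a key receive integer keys (0, 1, ...) from PHP.
    $stray = array_values(array_filter(
        $attributes,
        fn ($key) => is_int($key),
        ARRAY_FILTER_USE_KEY
    ));

    return ['effective' => $effective, 'stray' => $stray];
}

// Same shape as the group in the question's api.php.
$asPosted = [
    'namespace'  => '\App\Http\Controllers\Api',
    'middleware' => 'auth:sanctum',
    AUTH_SESSION, // lands at key 0, outside 'middleware'
    'verified',   // lands at key 1, outside 'middleware'
];

// Same shape as the group in the answer.
$corrected = [
    'namespace'  => '\App\Http\Controllers\Api',
    'middleware' => ['auth:sanctum', AUTH_SESSION, 'verified'],
];

foreach (['as posted' => $asPosted, 'corrected' => $corrected] as $label => $attrs) {
    $result = inspectGroupAttributes($attrs);
    printf(
        "%s\n  middleware: %s\n  stray entries: %s\n",
        $label,
        implode(', ', $result['effective']),
        $result['stray'] ? implode(', ', $result['stray']) : '(none)'
    );
}
```

A non-empty stray list means those entries never reach the route, so running a check like this in a test catches a group where 'verified' or the session middleware is silently missing.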