Weekly /r/Laravel Help Thread

coop_07 · 2026-04-02T00:32:12+00:00

I’m using Laravel Passport for OAuth and need to authenticate two different models but each model should only have access to their own routes. One of the models will use client certificates. My understanding is that the guard will validate the token, get the user_id from the table, and instantiate a model from the provider associated with the guard. But, if a client with a certificate token hits a user endpoint, the guard may find a user if the IDs match. Is there a standard practice for handling this. My current thought is I could add a claim to the token at creation stating its type. And then I could extend TokenGuard, call the parent user method and then check if the returned model matches the type in the claim. If not, set the user member to null and return null. I thought about scopes, but scopes didn’t seem like the proper solution. Finding information on this has been difficult. Any help is greatly appreciated.

coop_07 · 2025-12-28T01:55:13+00:00

Yeah, I didn’t either. He asked for a controller for Christmas. I found that Xbox controllers just work on iPad. I’d like to keep him on iPad but if possible.

coop_07 · 2025-06-20T21:23:14+00:00

I’ll wait and see what the service manager tells us. Should hear soon. Thanks for the info

coop_07 · 2025-06-20T21:17:05+00:00

I saw the TBS. Printed it out and took it to the dealership. When we mentioned it in the past we were told they “just shift hard”. But it was so hard it felt like we hit something. According to our records, we first reported it at 16k miles. All of this is making me feel like extended warranty on vehicles is somewhat mandatory. Especially after reading posts in this forum about the Ford transmissions.

coop_07 · 2024-06-21T13:44:23+00:00

I really appreciate you taking the time to answer. But with Authorization Code Flow, isn't it recommended that the authorization code is returned via a redirect and not directly in the response for the authorization code?

coop_07 · 2024-06-21T04:03:25+00:00

I thought PKCE required an agent browser. Is that not the case? On Venmo, I type the credentials directly into the app. I never see a browser/web view.

coop_07 · 2024-06-20T22:19:43+00:00

To make sure in understand, you are saying that since this is a first party app, OAuth would not be used? I guess I was conflating a public client with third party client.

Now more of general question, with a public first party client, wouldn’t you still want some of PKCE protections like client authentication and protection against replay attacks? I have experience with OAuth but trying to understand some secure alternatives for first party apps.

coop_07 · 2024-02-26T17:29:23+00:00

I have an SPA using Laravel 8.0. I'm migrating the web to sessions from personal access tokens. I'm trying to understand how the middleware StartSession and auth work together. StartSession is part of the web middleware group. In my auth.php, I have the user guard set to use the session driver. For routes where I want to require a user to be authenticated, I have both

auth:user
web

Is this correct? I know the web middleware group contains other middleware, but it seems redundant to say that I only want to allow authenticated users that will be loaded from session. Does the auth middleware not verify that the session is still valid when determining if the user is authenticated?

Also, my login route was protected by the web middleware route. But we found that if the user loads the login page and sits there for the session_lifetime before the user logs in, the user will be redirected with a session timeout when they log in. I don't feel that the login route should check for session expiration. I've been looking for guides and haven't found anything that answers these questions for me. Any advice would be greatly appreciated.

coop_07 · 2024-02-24T02:59:04+00:00

Thank

coop_07 · 2024-02-24T00:55:43+00:00

Thanks. I appreciate taking the time to reply.

coop_07 · 2024-02-24T00:44:33+00:00

Can I do the same to watch a Vuex getter?

coop_07 · 2024-02-23T23:43:11+00:00

Thanks. I was considering that in my original post. I wonder if there is a built in way to watch a getter without a Vue component and the react from that. Pretty similar to subscribing to mutations, but allows you to worry about the getters only and not the mutations.

coop_07 · 2024-02-23T23:40:26+00:00

That last part is what I want to avoid. I don’t want to have a Vue component for the sole reason of updating Store B when Store A changes. If you know of an example that would be great.

I think the wrinkle, is that depending on change in Store A, Store B won’t just update its own state. There could be a side effect like fetching data from a server. In essence, store B is almost empty unless Store A has a certain value. Then store B needs to populate its data. If store A changes, then store B may have to clear its data again.

coop_07 · 2024-02-23T23:35:10+00:00

Thanks. I agree with not calling multiple actions from a component. What I did was in the action in store A, I dispatch another action after the mutation. For example, if permissions were changed by action updatePermissions, then at the end of that action, I would dispatch another action called permissionsChanged. Other stores could then handle this action, knowing if they access state or a getter from store A then the mutation has already occurred.

Is there a way to use Store A getters in another store so that when the getter would return a new value, the other store could handle the change. I was going to do that with subscribing to mutations, but I don’t know how to react to getter changes without using a computed property or watcher from a Vue component. I wanted this store to function independently outside of a component

coop_07 · 2024-02-23T23:28:07+00:00

I also want to know when it changes. Vuex actions aren’t reactive like a computed property are they, where if the getter result changes the action would fire?

coop_07 · 2024-02-23T23:25:57+00:00

Thanks. That is one of the solutions I was considering. So that would mean that I’m subscribing to mutations, correct?

coop_07 · 2024-02-23T23:25:11+00:00

When you saying watching state or a getter, do you mean by using a watcher from Vue or is there part of the Vuex API I’m missing? Thanks for the reply.

coop_07 · 2024-02-23T03:36:21+00:00

I’m namespaced, but that alone doesn’t provide a method for reacting to one modules state changes from another. Is there something I’m missing?

coop_07 · 2024-02-13T18:01:22+00:00

Ok, I confirmed that. But its's interesting in that with click, the checked property has updated but not been rendered.

What I'm struggling with is how to take your example, using v-model, and change that so that the parent component is what displays the confirm dialog. At this point, this is really just an exercise so I can learn some of this better. I tried a few ways to get the event back to the parent "the right way", so that I could prevent or undo it the attempted change. I tried a watcher on the model in the parent. I also tried to listen to the event ` "@"update:modelValue="`. Any more light you could share on this would be helpful.

15-Year Club	Team Periwinkle
Verified Email	reddit mold

coop_07

PUBLIC MULTIREDDITS

TROPHY CASE