Currently, our Laravel API uses Sanctum for cookie-based authentication, which requires the frontend and backend to be on the same top-level domain. This restriction creates challenges when:
- Testing the frontend locally against the production API.
- Testing the backend locally, especially for Google Sign-In verification.
- Running both the frontend and backend locally for contributors who need to work entirely on their machines without a deployment server.

Goals:
- Allow local testing of the frontend against the deployed Laravel backend by supporting API token-based authentication.
- Ensure local testing of the backend is functional, including Google Sign-In verification.
- Provide a seamless setup for contributors to test both the frontend and backend completely locally.

Requirements:
- API Token Support for Local Frontend Testing:
  - Modify the Laravel API to support API token-based authentication as an alternative to cookies when testing locally.
  - Ensure API tokens can be generated for specific users in Laravel.
  - Update middleware to distinguish between cookie-based and token-based authentication based on the environment.
- Google Sign-In Compatibility for Local Backend Testing:
  - Set up test credentials for Google OAuth with localhost as the redirect URI.
  - Update the Laravel backend to verify Google Sign-In tokens for both production and local client IDs.
  - Provide clear documentation on setting up Google test credentials for local development.
- Full Local Testing Setup:
  - Ensure the Laravel API can be run locally using `php artisan serve` or Docker.
  - Ensure the locally-run frontend can communicate with the local Laravel API instance.
  - Allow contributors to mock Google Sign-In for local testing without requiring real tokens (e.g., using a dummy token generator or test payload).

Deliverables:
- Code changes to the Laravel backend to support the above scenarios.
- Documentation for:
  - Setting up API tokens for local frontend testing.
  - Creating and using Google OAuth test credentials.
  - Running the frontend and backend entirely locally.
- Testing instructions for the three scenarios to verify functionality.

Testing Scenarios:
- Local frontend interacting with the production backend via API tokens.
- Local backend handling Google Sign-In with test credentials.
- Full local setup with the frontend and backend communicating seamlessly.

Additional Notes:
- The implementation should remain flexible to account for any roadblocks encountered during development.
- If any of the above requirements cannot be met due to technical constraints, propose alternatives or adjustments to achieve similar functionality.
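
One way the Google Sign-In requirements could be enforced, as an added sketch that is not this project's code: the accepted client IDs are keyed by environment, so a token issued to the localhost client is rejected by production, and mock payloads are honoured only in `local`. The function name, the `$isMock` flag, the environment names and the client ID placeholders are assumptions, and the claims are assumed to have been signature-verified by a JWT library before this check.

```php
<?php
// Constructed placeholders; real values would come from per-environment config.
const CLIENT_IDS = [
    'production' => ['PROD_CLIENT_ID.apps.googleusercontent.com'],
    'local'      => ['LOCAL_CLIENT_ID.apps.googleusercontent.com'],
];
const ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];

// Returns the account subject to log in, or throws. $claims must already be
// signature-verified (assumed), unless $isMock marks a developer test payload.
function acceptSignIn(array $claims, bool $isMock, string $env, int $now): string
{
    if ($isMock) {
        // Unsigned test payloads are honoured only on a developer machine.
        if ($env !== 'local') {
            throw new DomainException('mock sign-in is only available in local');
        }
        return (string) ($claims['sub'] ?? 'mock-user');
    }
    // The audience must be a client ID registered for THIS environment.
    $allowed = CLIENT_IDS[$env] ?? [];
    if (!in_array($claims['aud'] ?? null, $allowed, true)) {
        throw new DomainException('audience not allowed in ' . $env);
    }
    if (!in_array($claims['iss'] ?? null, ISSUERS, true)) {
        throw new DomainException('unexpected issuer');
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new DomainException('token expired');
    }
    if (!is_string($claims['sub'] ?? null) || $claims['sub'] === '') {
        throw new DomainException('missing subject');
    }
    return $claims['sub'];
}

// Constructed sample claims: a token issued to the local client ID.
$localToken = [
    'iss' => 'https://accounts.google.com',
    'aud' => 'LOCAL_CLIENT_ID.apps.googleusercontent.com',
    'sub' => '1234567890', 'exp' => 2000000000,
];
foreach (['local', 'production'] as $env) {
    try {
        echo $env, ': accepted ', acceptSignIn($localToken, false, $env, 1700000000), "\n";
    } catch (DomainException $e) {
        echo $env, ': rejected (', $e->getMessage(), ")\n";
    }
}
```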