API route (/api) authentication not working in Laravel

@maxtor - Just checking in here …

I confirmed that the API route that’s there was not added as a part of this sample so I removed that to avoid any further confusion there.

So, what we’re now dealing with is just basic Laravel API authentication, which does fall outside of Auth0’s scope here but is interesting nevertheless. I explored the idea I mentioned earlier of a session-based API call but I wouldn’t recommend it as it goes against recommendations for good API building. You’re also potentially opening yourself up for a CSRF attack if you start to handle anything besides a GET request. I’ll leave the links here since you can Google and find them but, again, not recommended:

The right way to do this is with Passport using the article I linked to before. We just want to issue a token for a JS request to your app’s API, nothing fancy, so we’ll follow the Consuming your API with JS section.

At the moment, though, I’m not able to get this working with our Laravel module as it is built now. Part of the problem relates to one of the issues you opened about the Auth0User class not using the Eloquent model. Another is how the Auth0UserProvider is composed. Even with changes to both of those, though, I’m still getting the redirect. I’m not sure if we’re checking auth and redirecting too early (before Passport can check the token) or if we’re overriding what Passport is doing somehow.

That’s where I’m at currently. Again, this is a use case we definitely want to support but I need to find the time to focus on how to do this correctly, first, and then how we can alter the library to support it (which may require a major release).

Thanks for your patience and let me know if you discover anything in the meantime!
