I'm using Laravel (10) Fortify (with Sanctum) to authenticate requests to the REST API. It works quite well, but I've one serious issue and I think it's simply a configuration problem:
Whenever an API request on a Fortify route fails (e.g. sending a login request when the user is already logged in), Laravel (Fortify) tries to redirect the client to a defined route (e.g. home) as if it were a classic web request. However, in my understanding that should normally not happen when it's an API request with an "Accept: application/json" header. In that case I would expect an HTTP status matching the issue as a response, but no redirect header.
Finally there are two possible solutions:
1. Update RedirectIfAuthenticated middleware as suggested by @Zenix
2. Set up own API routes for Fortify and don't include the RedirectIfAuthenticated middleware
In my opinion Option 1 is the better way to go because it resolves the issue on the basis. Thanks for your support!