Laravel Email Verification 5.7 using REST API

This case works for me. Full project code here.

1) Redesigned VerificationController controller

Removed redirects and made response()->json(...) responses.

<?phpnamespace App\Http\Controllers\API\Auth;use App\Http\Controllers\Controller;use Illuminate\Foundation\Auth\VerifiesEmails;use Illuminate\Http\Request;use Illuminate\Auth\Events\Verified;class VerificationController extends Controller{    use VerifiesEmails;    /**     * Show the email verification notice.     *     */    public function show()    {        //    }    /**     * Mark the authenticated user's email address as verified.     *     * @param  \Illuminate\Http\Request  $request     * @return \Illuminate\Http\Response     */    public function verify(Request $request)    {        // ->route('id') gets route user id and getKey() gets current user id()         // do not forget that you must send Authorization header to get the user from the request        if ($request->route('id') == $request->user()->getKey() &&            $request->user()->markEmailAsVerified()) {            event(new Verified($request->user()));        }        return response()->json('Email verified!');//        return redirect($this->redirectPath());    }    /**     * Resend the email verification notification.     *     * @param  \Illuminate\Http\Request  $request     * @return \Illuminate\Http\Response     */    public function resend(Request $request)    {        if ($request->user()->hasVerifiedEmail()) {            return response()->json('User already have verified email!', 422);//            return redirect($this->redirectPath());        }        $request->user()->sendEmailVerificationNotification();        return response()->json('The notification has been resubmitted');//        return back()->with('resent', true);    }    /**     * Create a new controller instance.     *     * @return void     */    public function __construct()    {        $this->middleware('auth');        $this->middleware('signed')->only('verify');        $this->middleware('throttle:6,1')->only('verify', 'resend');    }}

2) Added my Notification:

I made it so that the link in the email message led to my frontend and contained a temporarySignedRoute link for the request.

use Illuminate\Auth\Notifications\VerifyEmail as VerifyEmailBase;class VerifyEmail extends VerifyEmailBase{//    use Queueable;    /**     * Get the verification URL for the given notifiable.     *     * @param  mixed  $notifiable     * @return string     */    protected function verificationUrl($notifiable)    {        $prefix = config('frontend.url') . config('frontend.email_verify_url');        $temporarySignedURL = URL::temporarySignedRoute(            'verification.verify', Carbon::now()->addMinutes(60), ['id' => $notifiable->getKey()]        );        // I use urlencode to pass a link to my frontend.        return $prefix . urlencode($temporarySignedURL);    }}

3) Added config frontend.php:

return [    'url' => env('FRONTEND_URL', 'http://localhost:8080'),    // path to my frontend page with query param queryURL(temporarySignedRoute URL)    'email_verify_url' => env('FRONTEND_EMAIL_VERIFY_URL', '/verify-email?queryURL='),];

4) Added to User model:

use App\Notifications\VerifyEmail;

and

/** * Send the email verification notification. * * @return void */public function sendEmailVerificationNotification(){    $this->notify(new VerifyEmail); // my notification}

5) Added routes

The following routes are used in Laravel:

// Email Verification Routes...Route::get('email/verify', 'Auth\VerificationController@show')->name('verification.notice');Route::get('email/verify/{id}', 'Auth\VerificationController@verify')->name('verification.verify');Route::get('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');

They are added to the application if used Auth::routes();.

As far as I understand the email/verify route and its method in the controller are not needed for Rest API.

6) On my frontend page /verify-email(from frontend.php config) i make a request to the address contained in the parameter queryURL

The received URL looks like this:

"http://localhost:8000/api/email/verify/6?expires=1537122891&signature=0e439ae2d511f4a04723a09f23d439ca96e96be54f7af322544fb76e3b39dd32"

My request(with Authorization header):

await this.$get(queryURL) // typical get request

The code perfectly verify the email and I can catch the error if it has already been verified. Also I can successfully resend the message to the email.

Did I make a mistake somewhere? Also I will be grateful if you improve something.

I tried Илья Зеленько answer but I must modify VerificationController construct method as follow

public function __construct(){    $this->middleware('auth')->except(['verify','resend']);    $this->middleware('signed')->only('verify');    $this->middleware('throttle:6,1')->only('verify', 'resend');}

otherwise laravel need autentication to access verify and resend routes