The previous Authenticate::redirectTo() -> null fix was incomplete:
Laravel's default Handler::unauthenticated() still falls back to
route('login') via '$exception->redirectTo() ?? route('login')'
whenever the request isn't detected as expectsJson() (no Accept:
application/json or X-Requested-With header), which throws
RouteNotFoundException since this app has no named login route.
Override unauthenticated() directly so this pure-API backend always
returns a JSON 401, regardless of request headers.
No named 'login' route exists anywhere in this app (it's a pure API
backend for the Nuxt SPA). Authenticate::redirectTo() called
route('login') for any request without an explicit Accept: application/json
header, throwing RouteNotFoundException and surfacing as a 500 instead
of the expected 401.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>