Laravel Sanctum is another laravel official package from Laravel Framework. Until 20 March 2020, it was Laravel Airlock. Due to trademark dispute, Taylor Otwell renames it with Laravel Sanctum and confirmed it with a blog post. It's a lightweight authentication package for working on SPA (Single Page Application) or simple API. Before discovering the package, let's have a look at what Laravel Sanctum offers us.
Open the command prompt and Install the package by composer require command.
composer require laravel/sanctumPublish the vendor for Laravel Sanctum service provider.
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"Now run the migration command.
php artisan migrate
By default, Laravel offers us auth:api middleware for making simple token-based API authentication. If we use Sanctum for API authentication we have to add these on kernel file. So, we can use auth:sanctum
//kernel.php
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
'api' => [
EnsureFrontendRequestsAreStateful::class,
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],Done! now you can use Sanctum in our API routes.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});We can use multiple guards for authentication. If we use the passport for our API then we have to use like as below
Route::middleware('auth:sanctum,passport')->get('/user', function (Request $request) {
return $request->user();
});
To use SPA auth, first, make a GET request to /sanctum/csrf-cookie for enabling the CSRF protection. After that, we have to make a POST request to /login as well as.
To issuing API token, we have to use the HasApiTokens trait in our user model.
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
}Now we can issue tokens for a user.
$token = $user->createToken('here-token-name');
return $token->plainTextToken;
We can fix the token abilities for a token so that the user can do an only specific thing with that API token.
return $user->createToken('token-name', ['post:update'])->plainTextToken;To check the ability of a token we can use tokenCan method on a user model object.
if ($user->tokenCan('post:update')) {
//
}
$user->tokens->each->delete();
Hope this post will help you to learn about Laravel Sanctum and how to make API using Laravel Sanctum package. It this post helpful to then please share it with others.
