Laravel Sanctum: A streamlined approach to API authentication in modern applications. APIs are crucial for inter-platform communication, and Sanctum offers a lightweight solution for securing them, fostering robust and scalable applications. This guide explores Sanctum's setup, features, and use cases, including SPAs and token-based authentication.
Laravel Sanctum simplifies API authentication, providing two key functionalities:
Unlike more complex solutions, Sanctum's lightweight nature and straightforward configuration make it perfect for applications without OAuth requirements.
Install Sanctum using Composer:
<code class="language-bash">composer require laravel/sanctum</code>
Publish the Sanctum configuration file:
<code class="language-bash">php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"</code>
This generates config/sanctum.php, allowing customization of Sanctum's settings.
Sanctum utilizes a personal_access_tokens table. Create this table:
<code class="language-bash">php artisan migrate</code>
Integrate Sanctum's middleware into your api middleware group within app/Http/Kernel.php:
<code class="language-php">'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],</code>Secure routes in routes/api.php using the auth:sanctum middleware:
<code class="language-php">use Illuminate\Support\Facades\Route;
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});</code>Generate personal access tokens using the createToken method:
<code class="language-php">use App\Models\User;
use Illuminate\Http\Request;
Route::post('/login', function (Request $request) {
$user = User::where('email', $request->email)->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
return response()->json(['message' => 'Invalid credentials'], 401);
}
return $user->createToken('auth_token')->plainTextToken;
});</code>Revoke a user's token for logout:
<code class="language-php">Route::post('/logout', function (Request $request) {
$request->user()->tokens()->delete();
return response()->json(['message' => 'Logged out successfully']);
});</code>Sanctum leverages session-based authentication for SPAs.
Ensure EnsureFrontendRequestsAreStateful middleware is correctly configured within the api middleware group.
Send CSRF tokens with authenticated AJAX requests from your SPA:
<code class="language-bash">composer require laravel/sanctum</code>
Laravel Sanctum offers a user-friendly and efficient way to secure APIs for modern applications. Its lightweight design and flexible API simplify authentication for developers, making it a valuable tool for both SPAs and token-based API access. Experiment with Sanctum in your projects to fully appreciate its capabilities.
The above is the detailed content of Day Building APIs with Laravel Sanctum. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
