Laravel Sanctum: A streamlined approach to API authentication in modern applications. APIs are crucial for inter-platform communication, and Sanctum offers a lightweight solution for securing them, fostering robust and scalable applications. This guide explores Sanctum's setup, features, and use cases, including SPAs and token-based authentication.
Laravel Sanctum simplifies API authentication, providing two key functionalities: cookie-based session authentication for single-page applications (SPAs) that live on the same top-level domain as the Laravel backend, and personal access tokens for mobile apps and third-party API clients.
Unlike a full OAuth2 server such as Laravel Passport, Sanctum's lightweight design and straightforward configuration make it a good fit for applications that do not need OAuth flows (authorization codes, registered third-party clients, per-client scopes).
Install Sanctum using Composer (recent Laravel skeletons already ship it, and Laravel 11 installs and configures it with php artisan install:api):
composer require laravel/sanctum
Publish the Sanctum configuration file:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
This generates config/sanctum.php, allowing customization of Sanctum's settings.
Sanctum utilizes a personal_access_tokens table, which stores a SHA-256 hash of each token together with its name and abilities (never the token itself). Create this table:
php artisan migrate
Integrate Sanctum's middleware into your api middleware group within app/Http/Kernel.php (Laravel 10 and earlier; Laravel 11 removed Kernel.php and registers the same middleware by calling $middleware->statefulApi() inside the withMiddleware() callback in bootstrap/app.php):
'api' => [
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    'throttle:api',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
This step only matters for the SPA cookie mode. EnsureFrontendRequestsAreStateful looks at the request's Referer (or Origin) host and, when it matches an entry under stateful in config/sanctum.php, runs the request through the session, cookie-encryption and CSRF middleware. Requests from any other origin, and all bearer-token requests, stay stateless, so a pure token API works without it.
Secure routes in routes/api.php using the auth:sanctum middleware. The guard first tries the web session (a stateful SPA request with a valid cookie), then falls back to a Bearer token in the Authorization header; a request that satisfies neither receives a 401:
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});
Generate personal access tokens using the createToken method. The plain-text token is handed to the client exactly once; Sanctum stores only its SHA-256 hash in personal_access_tokens, so it cannot be recovered later or replayed from a leaked database dump:
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

Route::post('/login', function (Request $request) {
    $user = User::where('email', $request->email)->first();

    // One generic message for both "unknown email" and "wrong password"
    if (! $user || ! Hash::check($request->password, $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    return response()->json([
        'token' => $user->createToken('auth_token')->plainTextToken,
    ]);
});
The client sends the value on every later request as Authorization: Bearer <token>. A token created with only a name carries the wildcard ability (*) and, unless expiration is set in config/sanctum.php, never expires; both defaults are worth tightening by passing an abilities array and an expiry to createToken.
Revoke tokens for logout. tokens()->delete() removes every token the user owns, which signs out all of their devices at once; to end only the current device's access, delete $request->user()->currentAccessToken() instead. Either way the route must itself sit behind auth:sanctum, otherwise $request->user() is null:
Route::post('/logout', function (Request $request) {
    $request->user()->tokens()->delete();

    return response()->json(['message' => 'Logged out successfully']);
});
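The following routes file, an added example rather than code from the original article, extends the login and logout snippets above with the three controls a production token API usually needs: scoped abilities, a token lifetime, and per-device revocation. The ability names orders:read and orders:write, the device_name request field and the User::orders() relation are assumptions made for the example.

```php
<?php
// routes/api.php, added example (not from the original article).
// Assumptions: a User::orders() relation with a 'sku' column, the ability
// names 'orders:read' / 'orders:write', and a 'device_name' request field.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// createToken(name, abilities, expiresAt): the third argument exists from
// Sanctum 3.x; without it a token lives until config('sanctum.expiration')
// elapses, which is never by default.
Route::post('/login', function (Request $request) {
    $data = $request->validate([
        'email'       => ['required', 'email'],
        'password'    => ['required', 'string'],
        'device_name' => ['required', 'string', 'max:100'],
    ]);

    $user = User::where('email', $data['email'])->first();

    // One generic failure message: do not reveal whether the email exists.
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    // Least privilege: this client only reads orders, so it never receives
    // the wildcard '*' ability that createToken('auth_token') alone grants.
    $token = $user->createToken(
        $data['device_name'],   // one token per device keeps revocation selective
        ['orders:read'],
        now()->addDays(7)
    );

    // plainTextToken ("<id>|<secret>") exists only in this response;
    // personal_access_tokens holds sha256(<secret>), never the secret.
    return response()->json([
        'token'      => $token->plainTextToken,
        'expires_at' => $token->accessToken->expires_at,
    ]);
});

Route::middleware('auth:sanctum')->group(function () {
    // Passes for the token issued above.
    Route::get('/orders', function (Request $request) {
        abort_unless($request->user()->tokenCan('orders:read'), 403);

        return $request->user()->orders;
    });

    // 403 for the token issued above (it lacks 'orders:write'). A
    // session-authenticated SPA user passes every tokenCan() check, because
    // Sanctum attaches a TransientToken that grants all abilities.
    Route::post('/orders', function (Request $request) {
        abort_unless($request->user()->tokenCan('orders:write'), 403);

        return $request->user()->orders()->create(
            $request->validate(['sku' => ['required', 'string']])
        );
    });

    // Revoke only the token that authenticated this request: this device is
    // signed out, the user's other devices keep working. For a session (SPA)
    // user this is a no-op; SPAs log out through the normal web session.
    Route::post('/logout', function (Request $request) {
        $request->user()->currentAccessToken()->delete();

        return response()->json(['message' => 'Logged out']);
    });
});
```

Naming tokens after the device (rather than a constant like auth_token) is what makes the per-device logout meaningful: the user's token list becomes a readable inventory of sessions that can be revoked individually.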
For SPAs, Sanctum does not issue tokens at all: it leverages Laravel's ordinary cookie-based session authentication, so the SPA must be served from the same top-level domain as the API and the browser must send cookies (credentials) with every request. Ensure the EnsureFrontendRequestsAreStateful middleware is correctly configured within the api middleware group, list the SPA's origin (host and port) under stateful in config/sanctum.php, set supports_credentials to true in config/cors.php, and, when the SPA lives on a subdomain, set SESSION_DOMAIN to the parent domain with a leading dot so the session cookie is shared. The login endpoint in this mode is a normal session login, not the token-issuing route above.
Because stateful requests are session-authenticated, they are subject to CSRF protection, so the SPA must send CSRF tokens with authenticated AJAX requests. Before logging in, request GET /sanctum/csrf-cookie; the response sets the XSRF-TOKEN cookie. Every later state-changing request (the login POST included) must echo that cookie's value, URL-decoded, in the X-XSRF-TOKEN header. Axios does this automatically when requests are sent with credentials; with fetch you read the cookie and set the header yourself. A 419 response means the header is missing or does not match the session.
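The server-side settings the SPA mode depends on, as an added example rather than the article's own file: a config/sanctum.php trimmed to the keys that matter here, with the companion cors and .env values in a trailing comment. The hostnames, the dev-server port 5173 and the 30-day ceiling are assumptions; SANCTUM_STATEFUL_DOMAINS in .env overrides the list.

```php
<?php
// config/sanctum.php, added example (keys not shown keep their published
// defaults). Hostnames, port 5173 and the 30-day ceiling are assumptions.

return [

    // Origins whose requests are treated as stateful, i.e. run through the
    // session, cookie and CSRF middleware. Matching is by host and port, so a
    // dev server on :5173 needs its own entry. Entries are matched as
    // patterns, so a broad wildcard would extend cookie authentication to
    // every origin it covers; keep the list to hosts you control. Anything
    // not listed gets no session and must present a bearer token.
    'stateful' => explode(',', env(
        'SANCTUM_STATEFUL_DOMAINS',
        'localhost,localhost:5173,127.0.0.1,127.0.0.1:8000,app.example.test'
    )),

    // Guards consulted before falling back to the bearer token. 'web' is what
    // lets a browser session satisfy auth:sanctum.
    'guard' => ['web'],

    // Token lifetime ceiling in minutes (null = forever). A global limit backs
    // up any per-token expiresAt passed to createToken(), so a route that
    // forgets the argument still does not mint permanent credentials.
    'expiration' => 60 * 24 * 30,
];

// Companion settings (not part of this file):
//   config/cors.php:  'paths' => ['api/*', 'sanctum/csrf-cookie'],
//                     'supports_credentials' => true,
//   .env:             SANCTUM_STATEFUL_DOMAINS=app.example.test
//                     SESSION_DOMAIN=.example.test   (only when the SPA is on
//                     a subdomain; the leading dot shares the cookie)
```

The two failure modes this configuration prevents are the most common Sanctum support questions: an origin missing from stateful (the SPA is silently treated as a stateless client and gets 401s despite a valid login), and a CORS or SESSION_DOMAIN mismatch (the browser never sends the session cookie, and every POST fails with 419).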
Laravel Sanctum offers a user-friendly and efficient way to secure APIs for modern applications. Its lightweight design and flexible API simplify authentication for developers, making it a valuable tool for both SPAs and token-based API access. Experiment with Sanctum in your projects to fully appreciate its capabilities.
The above is the detailed content of Day Building APIs with Laravel Sanctum. For more information, please follow other related articles on the PHP Chinese website!