{"id":450,"date":"2021-03-27T22:00:00","date_gmt":"2021-03-27T22:00:00","guid":{"rendered":"https:\/\/rishikantsri.in\/blog\/?p=450"},"modified":"2023-10-18T11:00:44","modified_gmt":"2023-10-18T11:00:44","slug":"laravel-sanctum-an-in-depth-guide","status":"publish","type":"post","link":"https:\/\/rishikantsri.in\/blog\/laravel-sanctum-an-in-depth-guide\/","title":{"rendered":"Laravel Sanctum: An In-Depth Guide"},"content":{"rendered":"\n

Laravel Sanctum is a package provided by the Laravel framework for API authentication. It offers a straightforward way to implement API token-based authentication and secure your API routes in Laravel. In this guide, we’ll explore Laravel Sanctum in detail, covering its syntax, providing a demo example, and discussing its pros and cons.<\/p>\n\n\n\n

Table of Contents<\/h2>\n\n\n\n
    \n
  1. Introduction to Laravel Sanctum<\/strong><\/li>\n\n\n\n
  2. Syntax and Basic Usage<\/strong><\/li>\n\n\n\n
  3. Demo: Implementing Laravel Sanctum<\/strong><\/li>\n\n\n\n
  4. Pros of Laravel Sanctum<\/strong><\/li>\n\n\n\n
  5. Cons of Laravel Sanctum<\/strong><\/li>\n\n\n\n
  6. Conclusion<\/strong><\/li>\n<\/ol>\n\n\n\n

    1. Introduction to Laravel Sanctum<\/h2>\n\n\n\n

    Laravel Sanctum is an official Laravel package that simplifies API authentication by allowing you to issue API tokens for users or clients. It is particularly useful for securing API routes, providing stateless authentication, and handling Single Page Application (SPA) authentication scenarios.<\/p>\n\n\n\n

    2. Syntax and Basic Usage<\/h2>\n\n\n\n

    2.1. Installation<\/h3>\n\n\n\n

    To use Laravel Sanctum, you need to install it via Composer. Run the following command:<\/p>\n\n\n\n

    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    composer <\/span>require<\/span> laravel<\/span>\/<\/span>sanctum<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    After installation, register the Sanctum service provider in your config\/app.php<\/code>:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    'providers'<\/span> <\/span>=><\/span> [<\/span><\/span>\n    <\/span>\/\/ ...<\/span><\/span>\n    <\/span>Laravel<\/span>\\<\/span>Sanctum<\/span>\\<\/span>SanctumServiceProvider<\/span>::class<\/span>,<\/span><\/span>\n]<\/span>,<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    Next, publish Sanctum’s configuration and migration files:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    php artisan vendor:publish <\/span>--<\/span>tag<\/span>=<\/span>sanctum<\/span>-<\/span>config<\/span><\/span>\nphp artisan vendor:publish <\/span>--<\/span>tag<\/span>=<\/span>sanctum<\/span>-<\/span>migrations<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    Finally, run the migrations to create the necessary database tables:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    php artisan migrate<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    2.2. Generating API Tokens<\/h3>\n\n\n\n
    You can generate API tokens for users or clients. This is typically done in your authentication process. For instance, if you want to issue tokens to authenticated users upon login, you might do something like this in your controller:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    use<\/span> <\/span>Laravel<\/span>\\<\/span>Sanctum<\/span>\\<\/span>PersonalAccessToken<\/span>;<\/span><\/span>\n<\/span>\n$token <\/span>=<\/span> $user<\/span>-><\/span>createToken<\/span>(<\/span>'token-name'<\/span>)<\/span>;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    This generates a new token for the user with the given name.<\/p>\n\n\n\n
    2.3. Protecting Routes<\/h3>\n\n\n\n
    To protect your API routes using Sanctum, you can apply the auth:sanctum<\/code> middleware. For example:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    Route<\/span>::<\/span>middleware<\/span>(<\/span>'auth:sanctum'<\/span>)<\/span>-><\/span>get<\/span>(<\/span>'\/api\/protected'<\/span>,<\/span> <\/span>function<\/span> () {<\/span><\/span>\n    <\/span>\/\/ Your protected route logic here<\/span><\/span>\n}<\/span>)<\/span>;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    This middleware ensures that only authenticated users with valid API tokens can access the route.<\/p>\n\n\n\n
    3. Demo: Implementing Laravel Sanctum<\/h2>\n\n\n\n
    Let’s demonstrate how to implement Laravel Sanctum in a simple API. We’ll create a basic API with user registration, token issuance, and a protected route.<\/p>\n\n\n\n
    3.1. Set Up User Model and Migration<\/h3>\n\n\n\n
    Create a User<\/code> model with a migration:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    php artisan make:model User <\/span>-<\/span>m<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    Define the user table structure in the migration file.<\/p>\n\n\n\n
    3.2. Run Migrations<\/h3>\n\n\n\n
    Run the migrations to create the users table:<\/p>\n\n\n\n
    PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
    php artisan migrate<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
    3.3. Implement User Registration<\/h3>\n\n\n\n
    Create an API route for user registration and a controller method to handle it. In the controller, create a new user and issue a token for them using Sanctum.<\/p>\n\n\n\n
    3.4. Create a Protected Route<\/h3>\n\n\n\n
    Define a protected route with the auth:sanctum<\/code> middleware, which ensures that only authenticated users can access it.<\/p>\n\n\n\n
    3.5. Testing<\/h3>\n\n\n\n
    Use tools like Postman or cURL to test the registration and protected route endpoints. Authenticate by sending the token as a header in the request.<\/p>\n\n\n\n
    4. Pros of Laravel Sanctum<\/h2>\n\n\n\n
    4.1. Simplicity<\/h3>\n\n\n\n
    Laravel Sanctum is easy to set up and use, making it accessible for developers of all experience levels.<\/p>\n\n\n\n
    4.2. SPA Authentication<\/h3>\n\n\n\n
    It’s designed for secure SPA authentication, providing stateful CSRF protection to safeguard against common web application attacks.<\/p>\n\n\n\n
    4.3. Official Laravel Package<\/h3>\n\n\n\n
    Being an official Laravel package means it’s well-maintained and follows Laravel’s coding standards.<\/p>\n\n\n\n
    4.4. Active Community<\/h3>\n\n\n\n
    With a Laravel package, Sanctum benefits from a large, active community that contributes to its development and documentation.<\/p>\n\n\n\n
    5. Cons of Laravel Sanctum<\/h2>\n\n\n\n
    5.1. Limited to API Authentication<\/h3>\n\n\n\n
    Sanctum is primarily designed for API authentication and may not cover all authentication scenarios, such as OAuth2 flows.<\/p>\n\n\n\n
    5.2. Learning Curve<\/h3>\n\n\n\n
    While Sanctum is relatively simple, there may still be a learning curve for those new to Laravel or API authentication.<\/p>\n\n\n\n
    5.3. Not Ideal for All Use Cases<\/h3>\n\n\n\n
    For applications with complex authentication requirements, such as single sign-on (SSO), other packages like Laravel Passport may be more suitable.<\/p>\n\n\n\n
    6. Conclusion<\/h2>\n\n\n\n
    Laravel Sanctum is a valuable package for adding API token-based authentication to your Laravel applications, especially when building APIs and SPAs. It offers simplicity, security, and the advantage of being an official Laravel package. While it may not cover all authentication scenarios, it excels in the context of stateless API authentication and is well-suited for many projects. By following the installation and usage steps provided, you can quickly enhance the security of your Laravel API with Sanctum.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Laravel Sanctum is a package provided by the Laravel framework for API authentication. It offers a straightforward way to implement API token-based authentication and secure your API routes in Laravel. In this guide, we’ll explore Laravel Sanctum in detail, covering its syntax, providing a demo example, and discussing its pros and cons. Table of Contents […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,11],"tags":[44,3,4,58],"_links":{"self":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts\/450"}],"collection":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/comments?post=450"}],"version-history":[{"count":2,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts\/450\/revisions"}],"predecessor-version":[{"id":453,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts\/450\/revisions\/453"}],"wp:attachment":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/media?parent=450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/categories?post=450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/tags?post=450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}