DEV Community: Siddhu The latest articles on DEV Community by Siddhu (@siddhartha). https://dev.to/siddhartha https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F123022%2F52578091-5974-440a-bfab-89da7dd93ea2.jpeg DEV Community: Siddhu https://dev.to/siddhartha en API Authentication via Social Networks in Laravel 9 using Sanctum with Socialite Siddhu Sat, 16 Oct 2021 16:01:04 +0000 https://dev.to/siddhartha/api-authentication-via-social-networks-in-laravel-8-using-sanctum-with-socialite-36pa https://dev.to/siddhartha/api-authentication-via-social-networks-in-laravel-8-using-sanctum-with-socialite-36pa <h1> Laravel Sanctum with Socialite </h1> <p>Earlier I have written, <a href="https://dev.to/siddhartha/laravel-sanctum-d3m">How to use Laravel Sanctum and user authentication using API</a></p> <p>Now, I'm going to add social logins using via API. </p> <p>In this example, I'll show you how to integrate Laravel Sanctum authentication with social networks via Facebook, Google and GitHub. </p> <p>Make sure, you have already installed Laravel Sanctum if not follow this <a href="https://dev.to/siddhartha/laravel-sanctum-d3m">article</a> and then come here.</p> <h2> Laravel Socialite Configuration </h2> <p><strong>STEP1:</strong> Install socialite package</p> <p><code>composer require laravel/socialite</code> </p> <p><strong>STEP2:</strong> Config socialite</p> <p>You need to add all social config details to <code>config\services.php</code> file. As I shown below</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> 'github' =&gt; [ 'client_id' =&gt; env('GITHUB_CLIENT_ID'), 'client_secret' =&gt; env('GITHUB_CLIENT_SECRET'), 'redirect' =&gt; 'GITHUB_REDIRECT_URI', ], 'facebook' =&gt; [ 'client_id' =&gt; env('FACEBOOK_CLIENT_ID'), 'client_secret' =&gt; env('FACEBOOK_CLIENT_SECRET'), 'redirect' =&gt; 'FACEBOOK_REDIRECT_URI', ], 'google' =&gt; [ 'client_id' =&gt; env('GOOGLE_CLIENT_ID'), 'client_secret' =&gt; env('GOOGLE_CLIENT_SECRET'), 'redirect' =&gt; 'GOOGLE_REDIRECT_URI', ], </code></pre> </div> <p><strong>STEP3:</strong> Get config details from OAuth services providers</p> <p>Now, You need to get CLIENT_ID and CLIENT_SECRET from respective social developer accounts, Here I provided the following links</p> <p>GitHub <a href="https://github.com/settings/developers" rel="noopener noreferrer">https://github.com/settings/developers</a><br> Google <a href="https://console.developers.google.com/apis/dashboard" rel="noopener noreferrer">https://console.developers.google.com/apis/dashboard</a><br> Facebook <a href="https://developers.facebook.com/apps/" rel="noopener noreferrer">https://developers.facebook.com/apps/</a></p> <p>It is easy to setup developer account in all social networks, where you can get the CLIENT_ID and CLIENT_SECRET keys. Finally, you need to set call-back URL. After successfully authentication it will send token to that URL. </p> <p><strong>STEP4:</strong> Set config details on your application</p> <p>You have all CLIENT_ID and CLIENT_SECRET keys, Now add those keys into <code>.env</code> file</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> GITHUB_CLIENT_ID=XXXXXXXXX GITHUB_CLIENT_SECRET=XXXXXXX GITHUB_REDIRECT_URI=http://127.0.0.1:8000/api/login/github/callback </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3y2hra1255jt91vuo47.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3y2hra1255jt91vuo47.png" alt="Your GitHub account setting"></a><br> <em>Your GitHub account setting</em></p> <p>Similarly add all other OAuth service providers</p> <p><strong>STEP5:</strong> Make password nullable</p> <p>When you authenticate user with OAuth services, you will receive token not password. So, in our database the password field must be nullable.</p> <p>Modify password field as nullable in users_table migration file.</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">up</span><span class="p">()</span> <span class="p">{</span> <span class="nc">Schema</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="s1">'users'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">id</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'name'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'email'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">unique</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamp</span><span class="p">(</span><span class="s1">'email_verified_at'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">nullable</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'password'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">nullable</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">rememberToken</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamps</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p><strong>STEP6:</strong> Create providers table</p> <p>Now, you have to create another table for providers</p> <p><code>php artisan make:migration create_providers_table</code></p> <p>In the providers migration file, add this fields </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">up</span><span class="p">()</span> <span class="p">{</span> <span class="nc">Schema</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="s1">'providers'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">bigIncrements</span><span class="p">(</span><span class="s1">'id'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'provider'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'provider_id'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">bigInteger</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">unsigned</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'avatar'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">nullable</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamps</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">foreign</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">references</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">on</span><span class="p">(</span><span class="s1">'users'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">onDelete</span><span class="p">(</span><span class="s1">'cascade'</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p><strong>STEP7:</strong> Create Provider table</p> <p>Make Provider model</p> <p><code>php artisan make:model Provider</code></p> <p>open Provider model</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Models</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Eloquent\Factories\HasFactory</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Eloquent\Model</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Provider</span> <span class="kd">extends</span> <span class="nc">Model</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">HasFactory</span><span class="p">;</span> <span class="k">protected</span> <span class="nv">$fillable</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'provider'</span><span class="p">,</span><span class="s1">'provider_id'</span><span class="p">,</span><span class="s1">'user_id'</span><span class="p">,</span><span class="s1">'avatar'</span><span class="p">];</span> <span class="k">protected</span> <span class="nv">$hidden</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'created_at'</span><span class="p">,</span><span class="s1">'updated_at'</span><span class="p">];</span> <span class="p">}</span> </code></pre> </div> <p><strong>STEP8:</strong> Add provider relation to user table</p> <p>Here I have created Providers function on user model</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Models</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Contracts\Auth\MustVerifyEmail</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Eloquent\Factories\HasFactory</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Foundation\Auth\User</span> <span class="k">as</span> <span class="nc">Authenticatable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Notifications\Notifiable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Laravel\Sanctum\HasApiTokens</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Authenticatable</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">HasApiTokens</span><span class="p">,</span> <span class="nc">HasFactory</span><span class="p">,</span> <span class="nc">Notifiable</span><span class="p">;</span> <span class="cd">/** * The attributes that are mass assignable. * * @var string[] */</span> <span class="k">protected</span> <span class="nv">$fillable</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'name'</span><span class="p">,</span> <span class="s1">'email'</span><span class="p">,</span> <span class="s1">'password'</span><span class="p">,</span> <span class="p">];</span> <span class="cd">/** * The attributes that should be hidden for serialization. * * @var array */</span> <span class="k">protected</span> <span class="nv">$hidden</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'password'</span><span class="p">,</span> <span class="s1">'remember_token'</span><span class="p">,</span> <span class="p">];</span> <span class="cd">/** * The attributes that should be cast. * * @var array */</span> <span class="k">protected</span> <span class="nv">$casts</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'email_verified_at'</span> <span class="o">=&gt;</span> <span class="s1">'datetime'</span><span class="p">,</span> <span class="p">];</span> <span class="k">public</span> <span class="k">function</span> <span class="n">providers</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">hasMany</span><span class="p">(</span><span class="nc">Provider</span><span class="o">::</span><span class="n">class</span><span class="p">,</span><span class="s1">'user_id'</span><span class="p">,</span><span class="s1">'id'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>STEP9:</strong> Add the Routes</p> <p>Open <code>routes/api.php</code> file add route URL's</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nc">Route</span><span class="o">::</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/login/{provider}'</span><span class="p">,</span> <span class="p">[</span><span class="nc">AuthController</span><span class="o">::</span><span class="n">class</span><span class="p">,</span><span class="s1">'redirectToProvider'</span><span class="p">]);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/login/{provider}/callback'</span><span class="p">,</span> <span class="p">[</span><span class="nc">AuthController</span><span class="o">::</span><span class="n">class</span><span class="p">,</span><span class="s1">'handleProviderCallback'</span><span class="p">]);</span> </code></pre> </div> <p>Add above functions on your controller</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Http\Controllers</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Http\Request</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Http\Response</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Facades\Hash</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">GuzzleHttp\Exception\ClientException</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Http\JsonResponse</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Laravel\Socialite\Facades\Socialite</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Models\User</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Authcontroller</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="cd">/** * Redirect the user to the Provider authentication page. * * @param $provider * @return JsonResponse */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">redirectToProvider</span><span class="p">(</span><span class="nv">$provider</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$validated</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validateProvider</span><span class="p">(</span><span class="nv">$provider</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">is_null</span><span class="p">(</span><span class="nv">$validated</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$validated</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nc">Socialite</span><span class="o">::</span><span class="nf">driver</span><span class="p">(</span><span class="nv">$provider</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">stateless</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">redirect</span><span class="p">();</span> <span class="p">}</span> <span class="cd">/** * Obtain the user information from Provider. * * @param $provider * @return JsonResponse */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">handleProviderCallback</span><span class="p">(</span><span class="nv">$provider</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$validated</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validateProvider</span><span class="p">(</span><span class="nv">$provider</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">is_null</span><span class="p">(</span><span class="nv">$validated</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$validated</span><span class="p">;</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">Socialite</span><span class="o">::</span><span class="nf">driver</span><span class="p">(</span><span class="nv">$provider</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">stateless</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">user</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">ClientException</span> <span class="nv">$exception</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">response</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">json</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="s1">'Invalid credentials provided.'</span><span class="p">],</span> <span class="mi">422</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$userCreated</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">firstOrCreate</span><span class="p">(</span> <span class="p">[</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">getEmail</span><span class="p">()</span> <span class="p">],</span> <span class="p">[</span> <span class="s1">'email_verified_at'</span> <span class="o">=&gt;</span> <span class="nf">now</span><span class="p">(),</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">getName</span><span class="p">(),</span> <span class="s1">'status'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="p">]</span> <span class="p">);</span> <span class="nv">$userCreated</span><span class="o">-&gt;</span><span class="nf">providers</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">updateOrCreate</span><span class="p">(</span> <span class="p">[</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="nv">$provider</span><span class="p">,</span> <span class="s1">'provider_id'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">getId</span><span class="p">(),</span> <span class="p">],</span> <span class="p">[</span> <span class="s1">'avatar'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">getAvatar</span><span class="p">()</span> <span class="p">]</span> <span class="p">);</span> <span class="nv">$token</span> <span class="o">=</span> <span class="nv">$userCreated</span><span class="o">-&gt;</span><span class="nf">createToken</span><span class="p">(</span><span class="s1">'token-name'</span><span class="p">)</span><span class="o">-&gt;</span><span class="n">plainTextToken</span><span class="p">;</span> <span class="k">return</span> <span class="nf">response</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">json</span><span class="p">(</span><span class="nv">$userCreated</span><span class="p">,</span> <span class="mi">200</span><span class="p">,</span> <span class="p">[</span><span class="s1">'Access-Token'</span> <span class="o">=&gt;</span> <span class="nv">$token</span><span class="p">]);</span> <span class="p">}</span> <span class="cd">/** * @param $provider * @return JsonResponse */</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">validateProvider</span><span class="p">(</span><span class="nv">$provider</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">in_array</span><span class="p">(</span><span class="nv">$provider</span><span class="p">,</span> <span class="p">[</span><span class="s1">'facebook'</span><span class="p">,</span> <span class="s1">'github'</span><span class="p">,</span> <span class="s1">'google'</span><span class="p">]))</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">response</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">json</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="s1">'Please login using facebook, github or google'</span><span class="p">],</span> <span class="mi">422</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>STEP10:</strong> Final step, Call the OAuth services URL</p> <p>In my case I setup everything in my local, open</p> <p><code>http://127.0.0.1:8000/api/login/github</code></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff7agmw8l730bupjbisd3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff7agmw8l730bupjbisd3.png" alt="github login"></a></p> <p>After successfully login you will receive </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foaxdex6ie835we94oe2n.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foaxdex6ie835we94oe2n.png" alt="github response"></a></p> <p>Sometimes routes api url will throw errors, try to use this command <strong>php artisan route:clear</strong></p> <p>Please feel free to ask me anything on this topic!</p> laravel socialogins socialite sanctum Laravel Sanctum Siddhu Tue, 05 Oct 2021 16:49:40 +0000 https://dev.to/siddhartha/laravel-sanctum-d3m https://dev.to/siddhartha/laravel-sanctum-d3m <p>I want to build an authentication system for both WEB and Mobile using API. After searching for good framework, Finally I choose Laravel. It is well suited for my requirement and one of the best frameworks, large community and well documented.</p> <p>In this article, I'll explain step by step flow that how to integrate Laravel Sanctum. Mainly I focus on API base authentication.</p> <h2> Use cases </h2> <ol> <li>API Tokens</li> <li>Web Authentication</li> <li>You can use both (API Tokens &amp; Web Authentication)</li> </ol> <h3> API Tokens </h3> <p>Its generate a simple API token for your user without complication of OAuth. This token have expire very long time (years). All tokens store in single database table and authenticating incoming HTTP requests via the Authorization header which should contain a valid API token.</p> <h3> Web Authentication </h3> <p>Laravel Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own frontend. When you call HTTP request, it will first check for an authentication cookie and, if none is present, Sanctum will then examine the Authorization header for a valid API token.</p> <h3> You can use both (API Tokens &amp; Web Authentication) </h3> <p>It's okay to use single service either API Tokens or Web Authentication, it doesn't mean that you should mandatory use both services. You can use anyway based on your requirement. </p> <h4> Laravel installation </h4> <p><code>composer create-project laravel/laravel laravel_sanctum</code><br> after installation done, start server to check installation successfully done.<br> <code>php artisan serve</code></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fulob5tiko21lghcv45i6.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fulob5tiko21lghcv45i6.png" alt="Alt Text"></a></p> <p>On the latest version of Laravel has already include Laravel Sanctum. </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3k6o11xtcifcqdfo0yiw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3k6o11xtcifcqdfo0yiw.png" alt="Alt Text"></a></p> <p>However, If you are using old version of Laravel, You can do it manually. </p> <p>In your application's <code>composer.json</code> file does not include <code>laravel/sanctum</code> then add it on <code>composer.json' file and run command</code>composer update` <strong>or</strong> follow the link instructions <a href="https://laravel.com/docs/8.x/sanctum#installation" rel="noopener noreferrer">Larevel-sanctum</a>.</p> <h3> Database config </h3> <p>Open <code>.env</code> file and add your database details, In my case I'm using MySQL.</p> <pre> DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=laravel_sanctum DB_USERNAME=root DB_PASSWORD= </pre> <p>After database configuration done. Run the command <code>php artisan migrate</code>. it will create a default database tables from Laravel.</p> <p>Now you should add Sanctum's middleware to your <code>api</code> middleware group at <code>app/Http/Kernel.php</code>.</p> <pre> protected $middlewareGroups = [ 'web' =&gt; [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\AuthenticateSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'api' =&gt; [ \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, 'throttle:api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ], ]; </pre> <p>Next, you should publish the Sanctum configuration and migration files using the <code>vendor:publish</code> Artisan command. The sanctum configuration file will be placed in your application's <code>config</code> directory:</p> <pre> php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider" </pre> <p>And it will create migration file for personal access token</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy45505ftbhm0a3swtnnn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy45505ftbhm0a3swtnnn.png" alt="image"></a></p> <p>Sanctum allows you to issue API tokens / personal access tokens that may be used to authenticate API requests to your application. When making requests using API tokens, the token should be included in the <code>Authorization</code> header as a <code>Bearer</code> token.</p> <p>To begin issuing tokens for users, your User model should use the <code>Laravel\Sanctum\HasApiTokens</code> trait:</p> <pre> use Laravel\Sanctum\HasApiTokens; class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable; } </pre> <p>Create a controller for user authentication</p> <pre> php artisan make:controller Authcontroller </pre> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdjy3pqfyx6c9xp6rdgup.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdjy3pqfyx6c9xp6rdgup.png" alt="image"></a></p> <p>it will AuthController, In the AuthController add the follow lines</p> <p>Request<br> <code>use Illuminate\Http\Request;</code></p> <p>Response<br> <code>use Illuminate\Http\Response;</code></p> <p>This is for password encrpt<br> <code>use Illuminate\Support\Facades\Hash;</code></p> <p>Your user model<br> <code>use App\Models\User;</code></p> <h3> Register User </h3> <pre> public function register(Request $request) { $fields = $request-&gt;validate([ "name" =&gt; 'required|string', "email" =&gt; 'required|string|unique:users,email', "password" =&gt; 'required|string|confirmed' ]); $user = User::create([ 'name' =&gt; $fields['name'], 'email' =&gt; $fields['email'], 'password' =&gt; bcrypt( $fields['password'] ), ]); $token = $user-&gt;createToken('myapptoken')-&gt;plainTextToken; $response = [ 'user' =&gt; $user, 'token' =&gt; $token, ]; return response($response, 201); } </pre> <h3> Login </h3> <pre> public function login(Request $request) { $fields = $request-&gt;validate([ "email" =&gt; 'required|string', "password" =&gt; 'required|string', ]); // Check Email $where = ["email"=&gt;$fields['email']]; $user = User::where($where)-&gt;first(); // Check Password if(!$user || !Hash::check($fields['password'], $user-&gt;password)) { return response([ 'message' =&gt; "Bad credentials" ],401); } $token = $user-&gt;createToken('myapptoken')-&gt;plainTextToken; $response = [ 'user'=&gt;$user, 'token'=&gt;$token ]; return response($response,201); } </pre> <h3> logout </h3> <pre> public function logout(Request $request) { auth()-&gt;user()-&gt;tokens()-&gt;delete(); $response = [ 'message' =&gt; 'logged out' ]; return response($response,201); } </pre> <p>Now go to <code>routes\api.php</code> and config Public/Protected routes like as shown in below</p> <pre> //Public routes Route::post('/register', [AuthController::class,'register']); Route::post('/login', [AuthController::class,'login']); //Protected routes Route::group(['middleware'=&gt;['auth:sanctum']], function () { Route::post('/logout', [AuthController::class,'logout']); }); </pre> <p>It time to call API's. For this demo I'm using Postman</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzl0vraotch0mxmej2n33.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzl0vraotch0mxmej2n33.png" alt="image"></a></p> <p>This request I have sent without post data to check the validations, And you must set the <code>headers</code> otherwise you will encounter with errors. <code>Accept:Application\Json</code></p> <p>Let register an User</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpswfzb1274btdjs5h5b9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpswfzb1274btdjs5h5b9.png" alt="image"></a></p> <p>You are successfully configured <code>Laravel Sanctum</code> :)</p> <p>In the response you will receive personal access token. </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjeqjw5w0b19d6ubk62xx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjeqjw5w0b19d6ubk62xx.png" alt="image"></a></p> <p>In this response you can notice that we have received token, Use that token for all protected services. You should pass that token in headers as bearer token for Authorization.</p> <p>I also give an example for Logout.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjycjezugu0ypj8modea3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjycjezugu0ypj8modea3.png" alt="image"></a></p> <p>If you hit protected API without token, That request is unauthorized. </p> <p>Now I added Bearer token in request, Then I'm successfully logout.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa89uargfd9z6v6lt2j3a.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa89uargfd9z6v6lt2j3a.png" alt="image"></a></p> <p>Please feel free to ask me anything on this topic!</p> laravel api mobileauthentication sanctum