Sanctum is a Laravel package that provides a simple and lightweight authentication system for Single Page Applications (SPAs), mobile applications, and token-based APIs. It allows you to easily authenticate and manage user access to your application’s APIs. In this tutorial, we will explore how to set up Sanctum in Laravel and implement token-based authentication.
Installing Sanctum
To get started, we need to install Sanctum using Composer. Open your terminal and run the following command:
composer require laravel/sanctum
Configuration
Once Sanctum is installed, we need to publish its configuration file and migration files. Run the following commands:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
Authenticating Users
To authenticate users with Sanctum, we need to configure our User model and update the authentication guard settings. First, add the HasApiTokens trait to your User model:
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    // Adds tokens(), createToken() and tokenCan() to the model.
    use HasApiTokens;

    // ...
}
Next, in your config/auth.php file, update the guards array to use the Sanctum guard for API authentication:
'guards' => [
    // ...
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'users',
    ],
],
Protecting Routes and APIs
Sanctum provides middleware that can be used to protect routes and APIs. To protect a route, simply add the auth:sanctum middleware to the route definition:
Route::middleware('auth:sanctum')->get('/dashboard', function () {
    // Route logic here
});
Token Management
Sanctum provides methods to issue and manage API tokens for users. To issue a token for a user, you can use the createToken method:
$user = User::find(1);
$token = $user->createToken('token-name')->plainTextToken;
The plainTextToken is the API token that can be used to authenticate API requests.
Revoking Tokens
Sanctum also allows you to revoke tokens for a specific user. Calling tokens()->delete() on the user instance revokes every token that user holds:
$user->tokens()->delete();
Testing the Authentication
To test the authentication, you can make API requests with the token attached as an authorization header:
GET /api/user
Authorization: Bearer {API_TOKEN}
Setting up Sanctum in Laravel provides a seamless way to implement token-based authentication in your application. It offers a lightweight and secure solution for protecting routes and APIs. By following the steps outlined in this tutorial, you can successfully set up Sanctum and enhance the security of your Laravel application.
Remember to consult the official Laravel Sanctum documentation for more detailed information and advanced usage.
Happy coding!