affiliatespot.blogg.se

When Sanctum examines an incoming HTTP request, it will first check for an authentication cookie and, if none is present, Sanctum will then examine the Authorization header for a valid API token. Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend. This provides the benefits of CSRF protection, session authentication, as well as protects against leakage of the authentication credentials via XSS. Typically, Sanctum utilizes Laravel's web authentication guard to accomplish this.

Instead, Sanctum uses Laravel's built-in cookie based session authentication services. These SPAs might exist in the same repository as your Laravel application or might be an entirely separate repository, such as a SPA created using Vue CLI or a Next.js application.įor this feature, Sanctum does not use tokens of any kind. Second, Sanctum exists to offer a simple way to authenticate single page applications (SPAs) that need to communicate with a Laravel powered API. Laravel Sanctum offers this feature by storing user API tokens in a single database table and authenticating incoming HTTP requests via the Authorization header which should contain a valid API token. These tokens typically have a very long expiration time (years), but may be manually revoked by the user at anytime. You may use Sanctum to generate and manage those tokens. For example, imagine the "account settings" of your application has a screen where a user may generate an API token for their account. This feature is inspired by GitHub and other applications which issue "personal access tokens". Let's discuss each before digging deeper into the library.įirst, Sanctum is a simple package you may use to issue API tokens to your users without the complication of OAuth. Laravel Sanctum exists to solve two separate problems. These tokens may be granted abilities / scopes which specify which actions the tokens are allowed to perform. Sanctum allows each user of your application to generate multiple API tokens for their account. Laravel Sanctum provides a featherweight authentication system for SPAs (single page applications), mobile applications, and simple, token based APIs.