About Laravel Sanctum
Laravel Sanctum provides a featherweight authentication system for SPAs (single page applications), mobile applications, and simple, token based APIs. Sanctum allows each user of your application to generate multiple API tokens for their account. These tokens may be granted abilities / scopes which specify which actions the tokens are allowed to perform.
You may install Laravel Sanctum via Composer:
composer require laravel/sanctum
Next, you should publish the Sanctum configuration and migration files using the vendor:publish Artisan command. The sanctum configuration file will be placed in your config directory:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
Finally, you should run your database migrations. Sanctum will create one database table in which to store API tokens:
php artisan migrate
Next, if you plan to utilize Sanctum to authenticate an SPA, you should add Sanctum's middleware to your api middleware group within your app/Http/Kernel.php file:
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
...
'api' => [
    EnsureFrontendRequestsAreStateful::class,
    'throttle:60,1',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
...
To authenticate your SPA, your SPA's login page should first make a request to the /sanctum/csrf-cookie route to initialize CSRF protection for the application:
Once CSRF protection has been initialized, you should make a POST request to the typical Laravel /login route. This /login route may be provided by the laravel/ui authentication scaffolding package.
Laravel's laravel/ui package provides a quick way to scaffold all of the routes and views you need for authentication using a few simple commands:
composer require laravel/ui
A login route and a controller to handle it are needed. Create the controller:
php artisan make:controller UserController
The login route is defined in the file routes/api.php:
Route::post('/login', 'UserController@login');
This route is protected by the auth:sanctum middleware:
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});
Now you need to create a user to test the route. We will use a seeder for this:
php artisan make:seeder UserSeeder
Now you may use the db:seed Artisan command to seed your database. By default, the db:seed command runs the DatabaseSeeder class, which may be used to call other seed classes. However, you may use the --class option to specify a specific seeder class to run individually:
php artisan db:seed --class=UserSeeder
In UserController, implement the code below:
<?php

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class UserController extends Controller
{
    public function login(Request $request)
    {
        // Reject requests that lack a well-formed email or a password.
        $request->validate([
            'email' => 'required|email',
            'password' => 'required'
        ]);

        $user = User::where('email', $request->email)->first();

        // Same error for an unknown email and a wrong password, so the
        // response does not reveal which accounts exist.
        if (! $user || ! Hash::check($request->password, $user->password)) {
            throw ValidationException::withMessages([
                'email' => ['The provided credentials are incorrect.'],
            ]);
        }

        // The token is named after the user id. The plain-text value is only
        // available here; Sanctum stores a hash of it in the database.
        $token = $user->createToken($user->id)->plainTextToken;

        return response()->json([
            'user' => $user->name,
            'email' => $user->email,
            'token' => $token
        ], 200);
    }
}
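The login above calls createToken without a second argument, so the token receives the default ['*'] abilities and is never revoked. The following is an added example, not part of the original project: a controller that issues a token limited to one ability, checks it with tokenCan, and revokes it on logout. TokenController, the device_name field and the profile:read ability are assumptions.

```php
<?php
// Added example, not the project's code. TokenController, the device_name
// field and the "profile:read" ability are assumptions for illustration.
namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
use Laravel\Sanctum\PersonalAccessToken;

class TokenController extends Controller
{
    public function issue(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
            'device_name' => 'required|string|max:255',
        ]);
        $user = User::where('email', $request->email)->first();
        if (! $user || ! Hash::check($request->password, $user->password)) {
            throw ValidationException::withMessages([
                'email' => ['The provided credentials are incorrect.'],
            ]);
        }
        // The second argument limits what the token may do; omitting it grants ['*'].
        $token = $user->createToken($request->device_name, ['profile:read']);
        return response()->json(['token' => $token->plainTextToken], 200);
    }

    public function profile(Request $request)
    {
        // Refuse tokens that were not granted the ability.
        abort_unless($request->user()->tokenCan('profile:read'), 403);
        return response()->json(['name' => $request->user()->name]);
    }

    public function revoke(Request $request)
    {
        $token = $request->user()->currentAccessToken();
        // Cookie-authenticated SPA requests carry a transient token with no database row.
        if ($token instanceof PersonalAccessToken) {
            $token->delete();
        }
        return response()->json(null, 204);
    }
}
```

The profile and revoke actions belong behind the auth:sanctum middleware, like the /user route above.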
The Laravel framework is open-sourced software licensed under the MIT license.