Laravel Development

Introduction

Laravel is a popular PHP framework for web development services. Today we are going to talk about a great companion for Laravel web developers that makes their life as a programmer easy. Software development has evolved a lot over time and there are many tools that the developer community can use to deliver the best quality web development or web application development.

Sanctum offers a straightforward solution for generating API tokens for your users, eliminating the complexities of OAuth. This feature is inspired by GitHub and other applications that issue “personal access tokens”. For example, imagine that your application’s “account settings” have a screen where a user can generate an API token for their account. You can use Sanctum to generate and manage these tokens. Apparently, tokens normally have a long expiry, however, they can be manually revoked at any time.

Laravel Sanctum offers the functionality to store user API tokens in a centralized database table. It enables the authentication of incoming HTTP requests by validating the Authorization header, which should contain a valid API token. This approach ensures secure and seamless handling of API authentication within your Laravel application.

Installing Laravel Sanctum

Laravel Sanctum can be installed via the Composer package manager. To install Laravel Sanctum, you can run the following command in your terminal:

image1

To publish the Sanctum configuration and migration files in Laravel, you can use the following `vendor:publish` Artisan command:

image3

Running this command will copy the Sanctum configuration file to the `config` directory of your Laravel application.

To enable Sanctum for authenticating single-page applications (SPAs) in Laravel, you need to add Sanctum’s middleware to the api middleware group in your app/Http/Kernel.php file.

Locate the api middleware group in the Kernel.php file and add the \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class middleware to the $middlewareGroups array:

image9

This middleware ensures that SPA requests are stateful and can be authenticated using Sanctum. Save the changes to the Kernel.php file after adding the middleware.

Configuration

While it is not typically necessary, you have the flexibility to extend the PersonalAccessToken model used internally by Sanctum if needed. This allows you to customize and add additional functionality to the model according to your specific requirements.

image7

API Token Authentication

1. Issuing API Tokens

With Sanctum, you have the capability to generate API tokens or personal access tokens that serve as authentication credentials for API requests to your application. When making API requests with these tokens, it is important to include the token as a bearer token in the Authorization header of the request.

2. Token Abilities

Sanctum allows you to assign “abilities” to tokens. Capabilities serve a similar purpose to OAuth’s “scopes”.

3. Protecting Routes

To ensure that all incoming requests are authenticated and protected, you can add the sanctum authentication guard to the routes in both the routes/web.php and routes/api.php route files. This will require authentication for accessing those routes.

4. Revoking Tokens

You have the ability to revoke tokens by deleting them from your database. This can be done by utilizing the token relationship provided by the Laravel\Sanctum\HasApiTokens property. By removing the tokens from the database using this relationship, you effectively revoke their access.

image8

5. Token Expiration

By default, Sanctum tokens have no expiration date and can only be invalidated by revoking them.

If you have set an expiration time for tokens in your application’s configuration, you might want to schedule a task to automatically remove expired tokens.

image6

Use Cases

Laravel Sanctum can be used for various use cases, such as:

Creating RESTful APIs in PHP with Laravel

Enables every user of your application to generate multiple API tokens for their account.

The Sanctum package allows developers to create multi-authentication systems for their websites

It helps developers create secure and efficient authentication systems.

Authenticate any HTTP request.

Read Our Laravel Case Studies

What features are provided by a sanctum?

Laravel Sanctum provides the following features:

Sanctum authentication guard will ensure that incoming requests are authenticated.

Sanctum authentication offers the advantages of CSRF protection, session authentication, and safeguards against XSS attacks that could potentially expose authentication data.

You can also utilize Sanctum tokens to authenticate requests from your mobile application to your API.

It safeguards routes by requiring authentication for all incoming requests.

Advantages of Sanctum

Laravel Sanctum provides the following advantages:

1.  Sanctum is a straightforward package that allows you to issue API tokens to your users without the complexities typically associated with OAuth.

2. Sanctum offers the flexibility of both session-based and token-based authentication, making it well-suited for authenticating single-page applications (SPAs).

3. Sanctum enables the sharing of session cookies between your API and SPA, as long as they are hosted on the same root domain.

4. Sanctum is sufficient for your needs, so you don’t need the extra overhead that comes with the more complex implementation of Passport.

Conclusion

I prefer Sanctum simply because it’s easier and faster to set up and I don’t need OAuth2 for the functions I currently have planned.

It’s easy to overdevelop everything in development without ever getting a single paying customer, which is what I’m trying to avoid these days. If your application progresses beyond the prototype stage and you decide to incorporate third-party integrations, please do inform me about your transition to Passport.

If you consider hiring Laravel developers, it is important to evaluate their portfolios, assess their proficiency in Laravel development, and conduct interviews to gauge their skills and suitability for your project.

Advantages of Laravel Development

 

Consult With A Top Laravel Development Company

If you have a brilliant idea and are looking to build an exquisite solution in Laravel, Bytes Technolab is the one-stop resort for all your requirements related to Laravel web development services.

We are a trusted Laravel development company offering end-to-end services to SMEs, Startups, and Enterprise. Our diverse industry experience where we developed and delivered custom Laravel solutions help us to enrich your next software application with the trendiest features and innovations using the most modern technology stack.

Are you looking to hire Laravel developers? No problem. We have ready-to-deploy Laravel developers who have all the experience and required tech expertise to add value to your SDLC. Engaging with us gives you a Hero Laravel Development Team that guarantees timely and 100% project deliveries with utter professionalism and smooth communication.

Why wait? Consult with our Business Development Team now and onboard a team within 48-72 hours.

Related Blogs

Selecting the Best Adobe Experience Manager Solution for Your Needs

Selecting the Best Adobe Experience Manager Solution for Your Needs

Creating and managing engaging content across various platforms is important for eCommerce stores in this ever-evolving digital commerce era. Th...

How Adobe Commerce Development Partner Boosts Your eCommerce Success?

How Adobe Commerce Development Partner Boosts Your eCommerce Success?

Modern retail owners have turned to accredited eCommerce development companies as their technical consulting and implementation partners. By han...

What Are the Top Security Threats to Adobe Commerce Stores?

What Are the Top Security Threats to Adobe Commerce Stores?

Most businesses are looking to expand their presence in the online marketplace and that’s led to the growth of eCommerce platforms like Adobe ...