Laravel Sanctum vs Passport & when to use Laravel Sanctum - Laravel SPA Authentication

Captions
Laravel has multiple ways to handle API authentication. Sometimes it can be confusing to decide which one to choose for a specific project. Hopefully this video will help you decide which authentication method to pick when starting out a new project. Let's dive right in and discuss Laravel's built-in authentication, Laravel Sanctum and Laravel Passport.

Laravel comes with built-in cookie-based session authentication that you would typically use in regular non-SPA or API applications. It is used to authenticate the web browser that the user is making the requests from.

Laravel Passport is a server implementation of OAuth2 that can be used to authenticate APIs that need OAuth features. OAuth is an authentication protocol that allows users to grant limited access to third-party applications without sharing their usernames and passwords. For example, you can tell Twitter that it's okay for your app to access your Twitter profile without providing your username and password directly to the app. So even if this app gets compromised, your username and password are not.

Laravel Sanctum is a lightweight authentication package that can be used to authenticate an SPA, a mobile application or a regular token-based application that does not require all of the OAuth features. Laravel Sanctum can be both stateless and stateful using session cookies. If the request is coming from your own first-party SPA, then Sanctum authenticates the user using the session cookie instead of the tokens, with the benefits of CSRF protection. However, if the cookie is not found, then Sanctum checks for the bearer token header and tries to authenticate the user with that.

This is usually the part that seems a bit confusing, but it's actually pretty simple. For example, to authenticate a mobile app, the user needs to enter username and password and submit the form. Laravel will validate the username and password, create a new access token and send it back in the response. Your mobile app then needs to store this token and pass it on further requests via the Authorization header as a bearer token. Because the request is not coming from your first-party SPA, Laravel Sanctum checks the bearer token and authorizes it if the token is valid.

If you are authenticating another service with your API, where the user is not entering a username and password, then you manually generate the access token for a specific user and use that token to authenticate with your app. These tokens can either be manually created or created through some kind of admin panel where your users are able to generate tokens for themselves.

And finally, if your SPA and your Laravel API share the same top-level domain, then you don't need any tokens at all. Laravel Sanctum will use cookie-based session authentication when requests are coming from your SPA. Your SPA can be in a separate repository or in the same repository as your Laravel API.

So should you go with Sanctum instead of Passport? The answer is yes, in my opinion, unless you really need all of the OAuth features. In the next video we'll talk about how to authenticate your first-party SPA with Laravel Sanctum.

Thank you guys for watching. I hope you found this video helpful. As you probably noticed, this is a new channel, so any feedback is greatly appreciated, whether it's good or bad. Hit like and subscribe, and I will see you in the next video.
Info
Channel: Program With Gio
Views: 3,093
Rating: 4.9148936 out of 5
Keywords: laravel, api, api authentication, laravel sanctum, laravel passport, spa, mobile app, spa authentication, mobile app authentication
Id: mdyoNwfIS80
Length: 3min 20sec (200 seconds)
Published: Fri Sep 25 2020