laravel sanctum vs jwt

Heston
28 Aug 2020
1. Passport : Passport provides a full OAuth2 server implementation for your
   Laravel application in a matter of minutes. It is therefore necessary to have
   a brief knowledge of OAuth2.

2. Sanctum : Sanctum is a simple package to issue API tokens to your users
   without the complication of OAuth. Sanctum uses Laravel's built-in
   cookie-based session authentication services.

In a small application, use Sanctum. It's simple and easy.

3. JWT : Auth (Authentication) is the process of identifying the user
credentials. In web applications, authentication is managed by sessions which
take the input parameters such as email or username and password, for user
identification. If these parameters match, the user is said to be authenticated.
Amaury
02 Oct 2019
If using Sanctum, the implementation will be as follows:

For WEB

For web you don't need the token explicitly; the sanctum/csrf-token handles
everything for you. In case of web, make sure you are allowing credentials, for
example:

In Axios: axios.defaults.withCredentials = true;

In JavaScript: xhr.withCredentials = true;

For Mobile authentication

For mobile authentication, you don't need to call the sanctum/csrf-cookie API.

Please refer to the official doc section "Mobile Application Authentication":

https://laravel.com/docs/7.x/sanctum#mobile-application-authentication

General flow will be as follows:

1. Make a login API and make sure you are not using the auth:sanctum middleware
   with this.
2. Call the login API, validate the user credentials and return a token on
   success. You can refer to the following code:
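    // Needs imports for the User model and Illuminate\Support\Facades\Hash.

    /**
     * Get a token via the given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        $credentials = request()->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        $user = User::where('email', $credentials['email'])->first();

        // Same 401 whether the user is unknown or the password is wrong.
        if (! $user || ! Hash::check($credentials['password'], $user->password)) {
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        // createToken() is the method Sanctum provides (see step 3); 'api-token'
        // is a placeholder token name. respondWithToken() is a helper defined
        // elsewhere in this controller (not shown).
        $token = $user->createToken('api-token')->plainTextToken;

        return $this->respondWithToken($token, ["user" => $user]);
    }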
3. The user object has a createToken() method to issue a token.

4. Now use this token with every request you're making to the routes having
   the auth:sanctum middleware attached.
5. You need to add the 'Authorization' => 'Bearer '. $access_token header in the
   request headers.
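
The general flow above, seen from the client and run against a constructed stand-in for the API; this is an added example, not part of the original answer. The base URL, the /api/login and /api/user paths, the access_token response field, the sample credentials and the token value are all assumptions; in a real client, pass each url and init to fetch().

```javascript
// Client side of the token flow (steps 2, 4 and 5). BASE, the paths, the
// access_token field and all sample values below are assumptions.
const BASE = 'https://api.example.test';
const JSON_HEADERS = { Accept: 'application/json', 'Content-Type': 'application/json' };

// Step 2: the login call is the only request made without a token.
function loginRequest(email, password) {
  const body = JSON.stringify({ email, password });
  // credentials: 'omit' keeps the session cookie out of the token flow.
  const init = { method: 'POST', credentials: 'omit', headers: JSON_HEADERS, body };
  return { url: `${BASE}/api/login`, init };
}

// Steps 4-5: every later call carries the token in the Authorization header,
// never in the URL, where it would end up in logs and history.
function authedRequest(token, path) {
  if (!token) throw new Error('no token: call the login API first');
  const headers = { ...JSON_HEADERS, Authorization: `Bearer ${token}` };
  return { url: `${BASE}${path}`, init: { method: 'GET', credentials: 'omit', headers } };
}

// Constructed stand-in for the backend: /api/login is public, any other
// path behaves like a route behind the auth:sanctum middleware.
const ISSUED = 'constructed-sample-token';
function fakeApi({ url, init }) {
  const path = new URL(url).pathname;
  if (path === '/api/login') {
    const { email, password } = JSON.parse(init.body);
    const ok = email === 'user@example.test' && password === 'correct-password';
    return ok
      ? { status: 200, body: { access_token: ISSUED } }
      : { status: 401, body: { message: 'Unauthorized' } };
  }
  const auth = (init.headers && init.headers.Authorization) || '';
  return auth === `Bearer ${ISSUED}`
    ? { status: 200, body: { email: 'user@example.test' } }
    : { status: 401, body: { message: 'Unauthenticated.' } };
}

// The whole exchange: log in, then call a protected route with the token.
function runFlow(email, password) {
  const login = fakeApi(loginRequest(email, password));
  if (login.status !== 200) return { login: login.status, user: null };
  const res = fakeApi(authedRequest(login.body.access_token, '/api/user'));
  return { login: login.status, user: res.status };
}
```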