Laravel API Auth with Sanctum and API Tokens

62,921 views

Laravel Daily

Comments: 78
@jhonbarcasnegras 4 years ago
Two days trying to understand it and suddenly this video saves my life in a few minutes. Thank you.
@BitValentine 3 years ago
Exactly :) Love this channel. I did a live stream yesterday about Sanctum for 1 hour and struggled with it. This helped me instantly.
@evangelistenockmwakapalila125 2 years ago
This was killing me with pain but just a minute you made my day happy DUDE
@geradtroje4653 a month ago
So because the tokens use a morph relation does that mean you can create tokens for any model, not just User?
@Shortgrauzis 3 years ago
Thank you. I was stuck on using a token from database which is encrypted? I guess. Did not realize I needed to use plaintext one.
@birenjung 5 months ago
I think the show function returns 403 status because token named categories-show is not made. Am I right?
@HansVandetas 3 years ago
Thank you for your brief & clear explanation, straight to the point & solving my problem
@frank_core3193 2 years ago
Is there a way where we can delete all tokens which are not used anymore using a scheduler? Thank you in advance.
@nguyenhoa072 3 years ago
Do you have any guide to build a portal website using Laravel and connect to this API?
@redamakarem3737 3 years ago
Love your content. Just bought the course. All the best, man.
@user-gf3hf5ri8b 2 years ago
I think there is also another way to authenticate API which is using the Laravel Session cookies and like simple Web authentications. My question is which one is better or I should use? thanks in advance
@LaravelDaily 2 years ago
You meant this? laravel.com/docs/8.x/sanctum#spa-authentication Yes it works, it's your personal choice which one to use.
@TechWizardBoctulus 2 years ago
What's the sense of a "white list" of web tokens?
@diegoc3749 3 years ago
But anyone with access to the public SPA can look at the requests made via the browser console and steal that bearer token. How is this secure?
@vladimircontreras 4 years ago
If I use a "role abilities" approach (for the User model), the token ability can be bypassed or should that be considered a totally different type of authorization?
@zinaright 2 years ago
In 5 minutes!!! Thou rockest !
@MoawiaAlmardoud 4 years ago
What is the best way to protect Vue page with Sanctum?
@mnafaykhan2651 3 years ago
Sir, please help me. I want to apply Sanctum on my custom created model instead of user.php. What do I have to do? Kindly help me.
@raziburrahman6332 2 years ago
I always follow your great tutorial videos. I learned lots of things from here. I am developing a Laravel Vue SPA project with Laravel Sanctum, but when I deploy my project on a subdomain, I am getting a 401 error. Can you please make a video on deploying a Laravel Sanctum project on a live server?
@kartiksharma7080 2 years ago
tokenCan is always giving true? Plz help
@samiullah0011 a year ago
Can you make a detailed video on OAuth what it is and what it will do?
@LaravelDaily a year ago
I don't actively use OAuth, I prefer Laravel Sanctum for simplicity.
@repetitoraru 3 years ago
Thanks a lot, Povilas! You helped so many people. One question. What can be wrong with the following? I made everything according to this video, but in the very end when in the controller I try to use auth()->user()->tokenCan() it falls because auth()->user() is null. Maybe someone else here can know? My API controller cannot see the user.
@vlauciani 3 years ago
Hi, I've protected my route with Sanctum API Token as you describe, but I have a question: when I call the route internally, in my code with the 'name()', I'd like to bypass the auth. What is the best practice? Thank you.
@agustinarroyosotomayor6169 4 years ago
Great Tutorial. Is it possible to combine Sanctum API Tokens with Passport/JWT instead of Sanctum SPA Authentication?
@PovilasKorop 4 years ago
I've never heard/read of this hybrid approach, don't think it would work.
@Vlad73125 4 years ago
Povilas, what do u prefer? JWT or sanctum?
@PovilasKorop 4 years ago
JWT is soooo 2018 :) But if you got used to it and you're happy with it, stick with JWT. But for everyone new to API Auth I totally recommend Sanctum.
@Vlad73125 4 years ago
@PovilasKorop Thanks for your opinion :)
@kwangee 3 years ago
I found that Laravel Sanctum and Fortify documentation is very confusing. Is it possible to use Laravel Sanctum session guard to authenticate api.php route? And Fortify for api.php route?
@kwangee 3 years ago
Or must we use Laravel Sanctum Token to authenticate api route, and we cannot use Fortify for api route?
@bhaidar 3 years ago
Hey! Can you please validate the below? When using Sanctum API Tokens tokenCan() is used instead of Gates and can(). While when using Sanctum with Vue (for instance), Gates and can() are the ones used instead of tokenCan()? From what I understand, Sanctum SPA Auth makes use of Laravel Session, hence Gates are just natural to be used. While, Laravel API Tokens, is something else relying heavily on Token + Abilities. Thanks!
@Mocka-yf4ez 3 years ago
Thank you so much, your explanation is so clear.
@w99910 4 years ago
I would rather watch Laravel lessons than Gaming live streams🤣
@PovilasKorop 4 years ago
And my lessons are shorter! :)
@belce1982 3 years ago
Thanks as always! Keep up the hard work!
@ShibbirAhmedRaihan 4 years ago
First of all, thanks for those awesome videos. But I have a question: how can we secure this token exposing from the frontend site or mobile auth?
@silvanasauzana8693 3 years ago
Use SSL (HTTPS) on the backend. That way every request is encrypted. If not, then someone could intercept the token using MITM technique.
@ShibbirAhmedRaihan 3 years ago
@silvanasauzana8693 Thanks for your reply. But I am talking about securely saving the token in Storage or cookies, so that no one can steal the token from the browser.
@EL_PANDA_742 3 years ago
Would you mind giving us a brief about your local env? It looks clean, not like XAMPP.
@LaravelDaily 3 years ago
Laravel Valet on my Macbook
@EL_PANDA_742 3 years ago
@LaravelDaily Thanks sir
@_saurabhshah 4 years ago
Great content as always ❤️
@dev_jeongdaeri 3 years ago
super amazing!!!
@purans-tech-tidbits 4 years ago
I am eagerly waiting for the course to release. Can you please tell us the estimated date for that?
@PovilasKorop 4 years ago
Next week. I decided to spend more time on Auth section and do a bit more research, it took more time than I expected.
@ivanmessina a year ago
I don't understand why you have a JSON response for unauthorized, but I have the HTML code of the page. What am I missing? Been searching on Google for more than 30 minutes without a solution.
@LaravelDaily a year ago
Header "accept: application/json"
@ivanmessina a year ago
@LaravelDaily Thanks. I figured that out after, when I decided to avoid looking on Google and check Postman's options.
@faruksaldr7338 3 years ago
how to make multi auth with sanctum or passport.
@JY-xv7ic 4 years ago
how to set the expire?
@HansVandetas 3 years ago
You can config it in sanctum.php file under config folder
@jannatulnayeem7289 4 years ago
I am using sanctum for authorization purpose only and handling permissions using spatie/permission. Is this the right way to do this?
@LaravelDaily 4 years ago
Yes, totally. Sanctum is for Authentication, and for Authorization you can use same Sanctum abilities or something external like your middlewares, Gates or packages.
@MaurizioCalarese 4 years ago
@LaravelDaily, does your course contain videos about how to implement roles and permissions (spatie pkg or not)? Because I had problems using the spatie package with Sanctum and I would be interested.
@PovilasKorop 4 years ago
@MaurizioCalarese I didn't plan that, because it depends on specific permission package/logic you want to use, but I guess it would be useful. Now, question - what kind of Sanctum you used? SPA Authentication or API Token?
@MaurizioCalarese 4 years ago
@PovilasKorop, thanks for your reply. Yes, definitely would be useful, there are a lot of videos/tutorials about sanctum out there, but no one (at least I haven't found one) that shows how to implement with it existing solutions like spatie/permissions or that goes deeply into the argument (to setup sanctum is enough the official documentation, imho). For my project, I'm using Sanctum with API token mode and I had to write roles and permissions from scratch, without all the nice and ready functionalities that the spatie package gives to us. Anyway, the best solution would be a setup that works also with SPA mode, to speed up future projects. Just an idea for a course/tutorial. Ps. I appreciate & understand your good work.
@PovilasKorop 4 years ago
@MaurizioCalarese Well, here's where it gets confusing. So you used API token for a page that should have been a SPA? Specifically in Sanctum docs it is written: "You should not use API tokens to authenticate your own first-party SPA. Instead, use Sanctum's built-in SPA authentication." So whatever tutorial/course I create, every project is almost individual for that type of project, so Sanctum/Passport, then inside of those - what type of tokens to use, and then on top - which roles/permissions logic/package. So I can't publish any content that would suit ALL of those possible cases. For the API token case, I would use the same abilities parameters as I used in this video, without any spatie. But it also depends on the features of your project, how big it is, what are typical permissions etc. The more I dive into this, the more I realize it's VERY individual, and I can only show people guidelines, or "my way" of doing it, but not help in everyone's situations.
@JY-xv7ic 4 years ago
another new thing that i learn..
@tomm1175 4 years ago
Sad that there is no refresh token functionality
@julienSibille 4 years ago
Sounds good !
@aldiirsanmajid4235 3 years ago
Can you help me please? I'm getting this error "Trait 'Laravel\Sanctum\HasApitokens' not found" even though I have installed and imported Sanctum in the User model. Please, anyone help me.
@PovilasKorop 3 years ago
HasApitokens - shouldn't the T be uppercase? HasApiTokens - maybe that is the reason?
@jacquesmbabazi9192 4 years ago
Please can you show us how to pass the JSON returned data in a Blade file?
@PovilasKorop 4 years ago
Why would you need that? Can you give an example?
@jacquesmbabazi9192 4 years ago
@PovilasKorop Because sometimes we need to pass data returned from the API to a Blade file.
@abelenocrodriguez 4 years ago
Awesome!
@vlauciani 3 years ago
Thank you very much for this great video; finally I understand the Sanctum! Could you explain what is the best practice to use 'tokenCan()' in combination with Gate and Policy?
@seyedabdorezalabbafi6225 2 years ago
I prefer spatie/laravel-permission
@mohammedsadki2180 4 years ago
great
@topx777 3 years ago
Beautiful!, thanks a lot!
@ChrystopherMedina 4 years ago
the course has some examples on how to consume the api with some js framework or just has the examples of how to consume the endpoints with postman?
@PovilasKorop 4 years ago
Mostly Postman, only one or two lessons is a demo of Vue.js, but just to show how it works with API, then we get back to endpoints. For JS framework usage with API, you can check out my other newer course "Vue.js + Laravel: CRUD with SPA" laraveldaily.teachable.com/p/vue-laravel-crud-spa
@An_Najib 4 years ago
Lumen OAuth2 plis