What you'll learn

In this part of the series, you'll learn the following:

• What Sanctum is
• How to install and use Laravel Sanctum
• Implement the Sign Up function
• Implement the Login function
• Implement the Logout function
• Restructure the routes to protected and public

Laravel Sanctum setup

Laravel Sanctum, also commonly known as Sanctum is a lightweight authentication system used to authenticate token based APIs and SPAs (ReactJs, VueJs, etc). In this section, I will show you how to authenticate users with Sanctum.

Install Sanctum

Due to Laravel's aim to provide a great developer experience, the Laravel project you generated in the first part of the series includes Sanctum, and you can confirm that by going to composer.json file, and it should be inside the require array like so:

The green box is the require array. If you can't find Sanctum inside the array in your composer.json file, run the following command to install it:

composer require laravel/sanctum

The above command will install Sanctum inside your app, and you can confirm by checking the composer.json file again.

Create personal access tokens migration

After confirming Sanctum's installation, the next thing is to create a personal access tokens table in the database, you do that by publishing Sanctum's configurations and migrations file by running the following in your command line:

php artisan vendor:publish   provider="LaravelSanctumSanctumServiceProvider"

The above command will create a create_personal_access_tokens_table.php in your /database/migrations folder and a sanctum.php file inside the /config folder, once you have verified the creation of those two files, the next thing to do is to migrate the new migration file, and you do that with the following command:

php artisan migrate 

The above command will add a new personal_access_tokens table to your database, check your database manager to verify:

Next, go to the app/Http/Kernel.php file and replace the api array inside the middlewareGroups array with the following code:

'api' => [
            LaravelSanctumHttpMiddlewareEnsureFrontendRequestsAreStateful::class,
'throttle:api',
IlluminateRoutingMiddlewareSubstituteBindings::class,
        ],

The above code is the middleware that will be used to authenticate our API.

Next, I'll show you can how to protect routes in Laravel.

Protecting Routes

To protect your routes, you need to group the protected routes with a middleware function like so:

// posts routes
Route::group(['middleware' => ['auth:sanctum']], function () {
// protected routes go here
});

the above code uses the static group function on the Route Facade and adds the middleware array that utilizes the 'auth:sanctum' middleware to protect the routes that you define inside the function. To show you how this works, I'll add all the post routes inside the function like so:

// posts routes
Route::group(['middleware' => ['auth:sanctum']], function () {
Route::resource('posts', PostController::class);
Route::get('/posts/search/{title}', [PostController::class, 'search']);
Route::get('/post/author/{id}', [PostController::class, 'get_author']);
});

Now try to get all posts by making a GET request to localhost:8000/api/posts and you should get the following result:

The green box is the result you would get from the request, and it reads "message": "Unauthenticated.", and that's it! the route has been protected successfully, Now you need to define the steps the user has to take to get authenticated. Next, we will define the signup function.

Note: The above is just an example, I'm going to restructure all the routes later.

Next, I'll show you how to set up a controller for the functions related to authentication.

AuthController

You learned in the second part of the series that controllers are used to organizing functions in your application, So you'll need to create a controller that will contain all the functions related to authentication.

First, create a controller with artisan, name it AuthController like so:

php artisan make:controller AuthController

Note: You should not add the resource flag, as we won't be using the CRUD functionality here.

That should create a controller file that contains the following code:

<?php

namespace AppHttpControllers;

use IlluminateHttpRequest;

class AuthController extends Controller
{
    //
}

Next, add the dependencies required which in this case will be:

use AppModelsUser;
use IlluminateHttpRequest;
use IlluminateHttpResponse;
use IlluminateSupportFacadesHash;

Add the code above under the namespace AppHttpControllers; line.

• The User is the user model and migration that was created when you generated your Laravel application.
• The Request is the object that contains any data the user sends to the server.
• The Response is the object that contains any data the server sends back to the user.
• The Hash contains bcrypt function that will be used to hash the passwords.

Next, I'll show you how to create the Sign Up function

Sign Up

For users to be able to sign in, you need to create the function. So create a public sign_up function like so:

    public function sign_up(Request $request){

    }

Next, validate the data coming through the request object like so:

        $data = $request >validate([
            'name' => 'required|string',
            'email' => 'required|string|unique:users,email',
            'password' => 'required|string|confirmed'
        ]);

The above code validates the data using the validate function.

• The name is a required string.
• The email is a required string and has to be a unique value inside the column in the users table.
• The password is a required string and needs to be confirmed, so the user needs to input it a second time.

Next, create user using the static create function on the User model like so:

        $user = User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password'])
        ]);

The above code uses the create function with an array of the previous data variable to create a user.

Note: The password in the above array is wrapped in bcrypt function, so the password will be hashed before saving the user to the database.

Next, generate an authentication token using the createToken function on the $user like so:

$token = $user >createToken('apiToken') >plainTextToken;

The above code will create a token that will be sent along with every request to a protected route.

Next, create the response that will be sent back once the user has been created successfully:

        $res = [
            'user' => $user,
            'token' => $token
        ];
        return response($res, 201);

The above code created a variable named $res which is an array that contains the created user and the generated token, and returns it using the response function along with the status code 201 which means that a resource was created, which is the user and the token. Now the sign_up function should look like so:

    public function sign_up(Request $request){
        $data = $request >validate([
            'name' => 'required|string',
            'email' => 'required|string|unique:users,email',
            'password' => 'required|string|confirmed'
        ]);

        $user = User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password'])
        ]);

        $token = $user >createToken('apiToken') >plainTextToken;

        $res = [
            'user' => $user,
            'token' => $token
        ];
        return response($res, 201);
    }

Tags:

Laravel beginners tutorial Laravel beginners tutorial

Previous

Laravel Caching PlanetScale MySQL

Next

Laravel 8 Export to Excel