composer require laravel/sanctum
php artisan vendor:publish --provider="LaravelSanctumSanctumServiceProvider"
php artisan migrate
"!!!!!!Next, if you plan to utilize Sanctum to authenticate an SPA, you should add Sanctum's middleware to your api middleware group within your application's app/Http/Kernel.php file:!!!!!"
'api' => [
LaravelSanctumHttpMiddlewareEnsureFrontendRequestsAreStateful::class,
'throttle:api',
IlluminateRoutingMiddlewareSubstituteBindings::class,
],//install
composer require laravel/sanctum
// vendor
php artisan vendor:publish --provider="LaravelSanctumSanctumServiceProvider"Broadcast::routes(['middleware' => ['auth:sanctum']]);composer require laravel/sanctumreturn $user->createToken('token-name', ['server:update'])->plainTextToken;use AppModelsSanctumPersonalAccessToken;
use LaravelSanctumSanctum;
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot()
{
Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);
}use IlluminateHttpRequest;
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});axios.defaults.withCredentials = true;use LaravelSanctumHasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable;
}// Revoke all tokens...
$user->tokens()->delete();
// Revoke the token that was used to authenticate the current request...
$request->user()->currentAccessToken()->delete();
// Revoke a specific token...
$user->tokens()->where('id', $tokenId)->delete();if ($user->tokenCan('server:update')) {
//
}axios.get('/sanctum/csrf-cookie').then(response => {
// Login...
});use LaravelSanctumPersonalAccessToken as SanctumPersonalAccessToken;
class PersonalAccessToken extends SanctumPersonalAccessToken
{
// ...
}foreach ($user->tokens as $token) {
//
}return $request->user()->id === $server->user_id &&
$request->user()->tokenCan('server:update')'domain' => '.domain.com',