Use sanctum for this. https://laravel.com/docs/8.x/passport#passport-or-sanctum
Difference between Passport and Sanctum?
Hello,
I need to create APIs for a Laravel app and develop another app for the front (with a JS framework).
To secure my APIs, I will use Passport or Sanctum. But I don't really understand the difference between both packages.
What I'd like to do is: the user clicks on a button to generate a unique token (only one token is necessary) and then he can use this token in the front app. Or perhaps each user has automatically a token without the need to generate it by clicking on a button, but he will have the possibility to regenerate his token if necessary.
What is better to use? Passport? Sanctum?
Thanks for your advice.
Vincent
@vincent15000 Passport is an OAuth server implementation, and used to offer OAuth authorisation for your application. Sanctum is an authentication library for “simpler” token-based authentication for clients that need it (i.e. mobile apps) but also offers cookie-based authentication for SPAs.
If you just need to generate tokens, then either will suffice. You could either offer the ability for users to generate personal access tokens (https://laravel.com/docs/8.x/passport#personal-access-tokens). This is what GitHub allows where you can go into your account and generate tokens for things like Composer.
Sanctum also allows you to generate tokens in a similar way: https://laravel.com/docs/8.x/sanctum#issuing-api-tokens
So, as for which one you should pick, I’d say it depends if you need to support any other types of authentication. If you’re going to need to offer other OAuth grant types in the future then go with Passport. If you just have a SPA or want to issue simple, opaque tokens to users, then Sanctum would suffice.
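An added example, not part of the thread above: one way to get the "one token per user, regenerable on demand" behaviour from the question with Sanctum's API tokens. The route paths, the token name `front-app` and the `email`/`password` field names are assumptions, and `App\Models\User` is assumed to use the `Laravel\Sanctum\HasApiTokens` trait.

```php
<?php
// routes/api.php (illustrative; paths and names below are assumptions)

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

// Revoke every existing token, then issue exactly one new one.
function issueSingleToken(User $user): string
{
    // Revoking first means an old (possibly leaked) token stops working
    // the moment the user regenerates.
    $user->tokens()->delete();

    // Sanctum stores only a SHA-256 hash of the token; the plain text
    // value exists only on this return value, so show it to the user once.
    return $user->createToken('front-app')->plainTextToken;
}

// First token: exchange credentials for a token.
Route::post('/token', function (Request $request) {
    $request->validate(['email' => 'required|email', 'password' => 'required']);

    $user = User::where('email', $request->email)->first();

    // Same error for unknown e-mail and wrong password, so the response
    // does not reveal which accounts exist.
    if (! $user || ! Hash::check($request->password, $user->password)) {
        throw ValidationException::withMessages([
            'email' => ['The provided credentials are incorrect.'],
        ]);
    }

    return response()->json(['token' => issueSingleToken($user)]);
});

// Everything below requires "Authorization: Bearer <token>".
Route::middleware('auth:sanctum')->group(function () {
    // The "regenerate" button from the question.
    Route::post('/token/regenerate', function (Request $request) {
        return response()->json(['token' => issueSingleToken($request->user())]);
    });

    Route::get('/me', fn (Request $request) => $request->user());
});
```

The credential endpoint should sit behind rate limiting (for example Laravel's `throttle` middleware), since it accepts password guesses.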