Laravel Sanctum - Issuing tokens for different types of users
I have 3 different types of users in separate tables. I am using Sanctum to issue tokens. Each type of user will be using a different application connected to the same database. Ex: admin.mysite.com, customer.mysite.com and merchant.mysite.com. I am using the auth:sanctum middleware. The token I have issued for Consumer is passing the Sanctum guard in the merchant, and vice versa. How can I prevent this? Do I need to implement my own middleware to check the tokenable_type of the token, or is there any config in Sanctum to do this?
The only workaround you have there is the "Token Abilities" functionality. This way you can set certain permissions per token. You can then set an admin or customer ability on the token so it won't be able to access the other functionality.
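
The token-abilities approach from the answer above, as an added example that is not part of the original question or answer. It assumes a hypothetical `App\Models\Merchant` model that uses Sanctum's `HasApiTokens` trait and has `email` and `password` columns; the route paths and the `merchant` ability string are also assumptions.

```php
<?php
// Added example. Assumed names: App\Models\Merchant, the /merchant/* routes
// and the 'merchant' ability string.

use App\Models\Merchant;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Laravel\Sanctum\Http\Middleware\CheckAbilities;

// merchant.mysite.com login: the token is stamped with the 'merchant' ability only.
Route::post('/merchant/login', function (Request $request) {
    $credentials = $request->validate([
        'email' => ['required', 'email'],
        'password' => ['required', 'string'],
    ]);

    $merchant = Merchant::where('email', $credentials['email'])->first();

    if (! $merchant || ! Hash::check($credentials['password'], $merchant->password)) {
        return response()->json(['message' => 'Invalid credentials.'], 401);
    }

    // Pass the abilities explicitly: createToken() defaults to ['*'],
    // and a wildcard token satisfies every ability check.
    $token = $merchant->createToken('merchant-app', ['merchant']);

    return response()->json(['token' => $token->plainTextToken]);
});

// Merchant API: auth:sanctum proves the token is valid, CheckAbilities proves it
// was issued for this application. Tokens without 'merchant' are rejected.
Route::middleware(['auth:sanctum', CheckAbilities::class.':merchant'])
    ->prefix('merchant')
    ->group(function () {
        Route::get('/orders', function (Request $request) {
            // Defence in depth: also confirm the token owner's model type.
            abort_unless($request->user() instanceof Merchant, 403);

            return response()->json(['merchant_id' => $request->user()->getKey()]);
        });
    });
```

Tokens created earlier without an explicit abilities array carry `['*']` and will still pass this check, so revoke and reissue them when adopting this scheme.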