Remove user registration / password management
Hi 👋
Context:
I am looking at migrating an app from SlimPHP 3 to Laravel. SlimPHP is great, but we've gotten very tired of rolling our own everything. After spending some time in the docs and watching some YouTube videos, we are pretty sold on Laravel being the other end of that spectrum.
Our app is internal to a business which uses Azure AD for SSO. We expressly need to remove the features allowing user registration, password creation and reset, and only permit users to authenticate against Azure AD. Once they are authenticated we'll hang onto a couple of different tokens for various internal APIs (in session or in a db table - doesn't really matter).
Question:
I haven't been able to find any (recent) clear explanation of how to remove the default user registration and auth system that comes when you scaffold a new Laravel app using Sail. I'm expecting we'll use Socialite with one of the community plugins, but I guess we might just do a custom OAuth flow. Would appreciate any guidance on removing the default user + auth system, and possible options for configuring SSO with Azure AD instead.
I'm also wondering since some of the built-in classes must be registering routes - is there an easy way to enumerate all the registered routes (including ones registered by Laravel services which are not in the app source)? It makes me nervous to think there are some 'secret' routes active on the app which we have no direct visibility of.
Lastly, I see a few references to Sanctum sprinkled through the scaffolded app code. I thought that Sanctum was designed to provide an auth layer for SPAs, or maybe also to provide a token system for API routes? I'm not sure I understand why it's included by default. In our existing (SlimPHP) app we have a system very similar to Laravel + Inertia (only without the convenience that InertiaJS brings - we had to build that out ourselves 😅). I don't think we need Sanctum for our purposes, and if we ever do add a standalone set of API routes we are likely to expect the user to provide a valid token from Azure, rather than generating our own. Any advice here would be appreciated too.
Many many thanks!