Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi! I'm building a site with Laravel as the main site. I have Flarum (SPA forum) and GetCandy(SPA)/Aimeos e-commerce API on my subdomains. I want to authenticate all my APIs using a centralized user base on my main site.
Should I use Passport or Sanctum to achieve this? Have anyone did it before?
EIther will work, but laracasts is now an SPA. Listen to the podcasts where Jeffrey talks about that:
The Laracasts Snippet #134
Edit: Sanctum here might be a good choice since you have SPA's: https://laravel.com/docs/8.x/sanctum#spa-authentication
@digitalam Passport or Sanctum will be the authentication mechanism, but you’re going to also need to look into SSO (single sign-on) if you want to have multiple clients to authenticate against a single authorisation server.
By SSO, you mean every app sharing the same session for authentication? Because I'm looking for a way where users don't have to log in again to my first party APIs
@digitalam Multiple apps can’t be magically logged in. Each apps needs to check somewhere whether the user trying to access is authenticated or not. You can’t log in to App A and magically be logged in to App B and App C.
Please or to participate in this conversation.