Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

aslamdoctor's avatar

Need suggestion regarding Multi-auth system

Hi Guys,

I want to build a system in Laravel in which there are 3 kind of users.

  1. Admin
  2. Employer
  3. Applicant

They all has different data and I prefer having different tables for each.

And I want to build it using VueJS (using laravel ui package) which I am familiar with.

My question is, which Auth feature/package I should use on laravel from below ?

  1. Sanctum
  2. JWT Auth
  3. Passport

or is there any other you guys prefer?

Also what would be the best way to handle Multi-auth system so that I can have Models for all 3 kind of users ?

I tested sanctum by building simple auth system for one user, which is really good but later I realized sanctum can't work with different domains. The Backend and Frontend needs to be on same domain (or subdomain). My case is, in future I will have to move APIs to different domain.

Thanks in advance.

0 likes
8 replies
Tray2's avatar

I highly recommend using a single table for users. More than one will just give you a headache. You can then use different tables for the unique fields.

This is from the docs

Passport Or Sanctum?

Before getting started, you may wish to determine if your application would be better served by Laravel Passport or Laravel Sanctum. If your application absolutely needs to support OAuth2, then you should use Laravel Passport.

However, if you are attempting to authenticate a single-page application, mobile application, or issue API tokens, you should use Laravel Sanctum. Laravel Sanctum does not support OAuth2; however, it provides a much simpler API authentication development experience.

1 like
aslamdoctor's avatar

I better use Passport then. I have used it before but for single user purpose. How about using Guards & Policies for implementing Multi-auth ?

martinbean's avatar

@aslamdoctor Use a profiles table. But every user will have at least a name, email, and password. Then put role-specific fields in role-specific profile tables. You can use a polymorphic relation for this.

1 like
aslamdoctor's avatar

What if we have same email id for 2 different types of users?

Snapey's avatar

Agreed. There is only one type of user, but three types of roles...

jlrdw's avatar

@aslamdoctor this multi auth is asked here about every week. You could also search past discussions.

Almost every time the answer is similar to:

  • use authentication for login
  • use authorization do determine what logged in user can or cannot do
  • use query scopes to fine tune a query

Fine tuning meaning admin can see all, user only sees their data is an example.

Retrieve user id with Auth::id, don't pass in the url, and things like that.

Please or to participate in this conversation.