ismail_bourbie

Laravel Authentication logic.

I’m using a custom model (e.g., an App model) for authentication with Laravel Sanctum. Do I need to make this model implement the Authenticatable interface? If so, it seems to imply that the model uses passwords and the rememberToken field, even though Sanctum does not require them. This also feels like a violation of the Interface Segregation Principle.

In practice, implementing only the methods Sanctum actually needs (such as getAuthIdentifier()) works. However, my tests fail because Sanctum::actingAs() requires an instance of Authenticatable, meaning I would need to write custom authentication logic in my tests, which adds unnecessary overhead and database interaction.

Is there a better way to authenticate a user without relying on passwords, or am I forced to implement an interface that my model doesn’t fully use?

ismail_bourbie

It uses Laravel Sanctum with token-based authentication for the API. When a request comes in, the Sanctum middleware uses the token to resolve the model, but it returns an App model instead of the User model. This even works without the App model implementing the Authenticatable interface, and auth()->user() returns an instance of the App model.
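
The contract discussed in the two posts above, written out as an added example (not the poster's code and not Laravel's own): a token-only `App` model that implements `Authenticatable` with inert password and remember-token methods, and a test that passes an unsaved instance to `Sanctum::actingAs()`. Assumptions: Laravel 11 or later with Sanctum installed, a default `id` primary key, and a hypothetical test class name.

```php
<?php
// Added example. Assumes Laravel 11+ with Sanctum; class names are hypothetical.

namespace App\Models {
    use Illuminate\Contracts\Auth\Authenticatable;
    use Illuminate\Database\Eloquent\Model;
    use Laravel\Sanctum\HasApiTokens;

    class App extends Model implements Authenticatable
    {
        use HasApiTokens;

        // The only part token authentication actually relies on.
        public function getAuthIdentifierName() { return $this->getKeyName(); }
        public function getAuthIdentifier() { return $this->getKey(); }

        // Contract methods for credentials this model does not have.
        // An empty hash never matches in Hash::check(), so a password
        // guard pointed at this model by mistake rejects every login.
        public function getAuthPasswordName() { return 'password'; }
        public function getAuthPassword() { return ''; }

        // No remember-me cookie is ever issued for this model.
        public function getRememberTokenName() { return ''; }
        public function getRememberToken() { return null; }
        public function setRememberToken($value) { /* intentionally ignored */ }
    }
}

namespace Tests\Feature {
    use App\Models\App;
    use Laravel\Sanctum\Sanctum;
    use Tests\TestCase;

    class AppTokenAuthTest extends TestCase
    {
        public function test_app_model_is_the_authenticated_principal(): void
        {
            // Unsaved instance with a constructed key; nothing is written to the database.
            $app = (new App())->forceFill(['id' => 1]);

            Sanctum::actingAs($app, ['*']);

            $this->assertSame($app, auth()->user());
            $this->assertSame(1, auth()->id());
        }
    }
}
```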
