It uses Laravel Sanctum with token-based authentication for the API. When a request comes in, the Sanctum middleware uses the token to resolve the model, but it returns an App model instead of the User model. This even works without the App model implementing the Authenticatable interface, and auth()->user() returns an instance of the App model.

I’m using a custom model (e.g., an App model) for authentication with Laravel Sanctum. Do I need to make this model implement the Authenticatable interface? If so, it seems to imply that the model uses passwords and the rememberToken field, even though Sanctum does not require them. This also feels like a violation of the Interface Segregation Principle.

In practice, implementing only the methods Sanctum actually needs (such as getAuthIdentifier()) works. However, my tests fail because Sanctum::actingAs() requires an instance of Authenticatable, meaning I would need to write custom authentication logic in my tests, which adds unnecessary overhead and database interaction.

Is there a better way to authenticate a user without relying on passwords, or am I forced to implement an interface that my model doesn’t fully use?

practical example from yesterday using Livewire and FluxUi

database has three 'boolean' fields. In the UI, I have three checkboxes wire modelled to the database record. The checkboxes are NOT set by 1 in the eloquent model.

Add boolean cast in the Model and the model data is now true/false not 1/0 and checkboxes now reflect the state of the Model.