Laravel Sanctum vs Passport


Passport provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. It is therefore necessary to have a brief knowledge of OAuth2.

Sanctum is a simple package to issue API tokens to your users without the complication of OAuth. Sanctum uses Laravel's built-in cookie-based session authentication services.

In a small application use Sanctum. It's simple and easy.


Author: Daniel

Updated on June 23, 2020

Comments

  • Daniel almost 4 years
    What are the differences between these 2? And which one is better for a simple VueJS app? I've read their documents a few times but still confused. Thank you very much.

  • louis_coetzee over 3 years
    Why only use Sanctum in small applications?
  • chuysbz over 3 years
    @louis_coetzee because small applications (SPAs, for example) usually only need a simple token-based auth method... Passport offers you a full OAuth "spectrum"... which allows you to implement multiple auth methods
  • Lex Soft over 3 years
    @CodeChuck Suppose there are 2 apps: app 1 deals with human resource development (HRD) and already exists in the client, while I am developing app 2, which deals with a performance management system for every employee in the client. My app (app 2) will provide an API that can be consumed by app 1, i.e. app 1 can post employee records to my app (post/put request) as well as retrieve performance data (get request) from my app. Is Sanctum adequate for this kind of app? I have read both Passport (OAuth 2) and Sanctum, but am still not sure which one I will pick.
  • chuysbz over 3 years
    @LexSoft as the alert accompanying the original question says, it's based on the opinion of every developer. The way you put it, I would go with Sanctum because your API will have only one client (app 1)... but let's say your client/company in the future wants a mobile application and wants multiple auth options (social, email, phone)... then I'd go with Passport... again, this is my opinion... I'd recommend trying both in a test project to get a better idea
  • Lex Soft over 3 years
    @CodeChuck Chances are my API will be consumed by more than one app. So the recommended way I read is using the Authorization Code Grant with PKCE, which is available in Passport. Whereas Sanctum's approach is like Personal Access Tokens, which is also provided by Passport when we don't want to go through the typical authorization code redirect flow. The latter approach offers some degree of convenience which clients may well prefer, but it can be vulnerable to a security leak. Well, I will need to consider several things. Thanks for the reply.
  • Lex Soft over 3 years
    @CodeChuck One thing, I agree, I need to try both ways: Passport's Authorization Code Grant with PKCE and Sanctum in a test project. Actually I have prepared a folder for a Sanctum project, but suspended it because of time constraints.