Sanctum provides a lightweight API authentication system for SPAs (Single Page Applications) and simple APIs.
Example: Installing Sanctum
composer require laravel/sanctum
After installing Sanctum, publish its configuration file.
Example: Publishing Sanctum Config
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
To protect your API routes, you need to use Sanctum's middleware in the api middleware group.
Example: Add Sanctum Middleware
In app/Http/Kernel.php, add Sanctum's middleware to the api middleware group.
'api' => [
    \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    'throttle:api',
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
Next, create a controller to handle the login and user registration functionality.
Example: Generating Authentication Controller
php artisan make:controller AuthController
In the AuthController, implement the methods for user registration and login.
Example: Implementing Registration and Login
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

class AuthController extends Controller
{
    // Register new user
    public function register(Request $request)
    {
        // Validate input before touching the database
        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:6',
        ]);

        if ($validator->fails()) {
            return response()->json(['errors' => $validator->errors()], 400);
        }

        // Store only the password hash, never the plain-text password
        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json(['message' => 'User created successfully', 'user' => $user]);
    }

    // Login user
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        if (Auth::attempt($credentials)) {
            $user = Auth::user();
            // createToken() requires the HasApiTokens trait on the User model.
            // The plain-text token is only available here, at creation time.
            $token = $user->createToken('API Token')->plainTextToken;

            return response()->json(['message' => 'Login successful', 'token' => $token]);
        }

        return response()->json(['message' => 'Invalid credentials'], 401);
    }
}
In routes/api.php, define the routes for registration and login.
Example: Defining Routes
use App\Http\Controllers\AuthController;
use Illuminate\Support\Facades\Route;

Route::post('register', [AuthController::class, 'register']);
Route::post('login', [AuthController::class, 'login']);