Laravel Sanctum vs Passport [closed]
What are the differences between these 2? And which one is better for a simple VueJS app? I've read their documents a few times but still confused. Thank you very much.

Donitadonjon answered 23/3, 2020 at 11:40
Passport provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. It is therefore necessary to have a brief knowledge of OAuth2.

Sanctum is a simple package to issue API tokens to your users without the complication of OAuth. Sanctum uses Laravel's built-in cookie-based session authentication services.

In a small application, use Sanctum. It's simple and easy.

Spheroidicity answered 23/3, 2020 at 20:42

Comments:

Oblate: Why only use Sanctum in small applications?

Preterit: @Oblate because small applications (SPAs, for example) usually only need a simple token-based auth method... Passport offers you a full OAuth "spectrum"... which allows you to implement multiple auth methods.

Foust: @CodeChuck Suppose there are 2 apps: app 1 deals with human resource development (HRD) and already exists at the client, while I am developing app 2, which deals with a performance management system for every employee at the client. My app (app 2) will provide an API that can be consumed by app 1, i.e. app 1 can post employee records to my app (POST/PUT requests) as well as retrieve performance data (GET requests) from my app. Is Sanctum adequate for this kind of app? I have read both Passport (OAuth 2) and Sanctum, but am still not sure which one I will pick.

Preterit: @LexSoft As the alert accompanying the original question says, it's based on the opinion of every developer. The way you put it, I would go with Sanctum because your API will have only one client (app 1)... but let's say your client/company in the future wants a mobile application and wants multiple auth options (social, email, phone)... then I'd go with Passport... again, this is my opinion... I'd recommend trying both in a test project to get a better idea.

Foust: @CodeChuck Chances are my API will be consumed by more than one app. So the recommended way I read is using the Authorization Code Grant with PKCE, which is available in Passport. Whereas Sanctum's approach is like Personal Access Tokens, which Passport also provides when we don't want to go through the typical authorization code redirect flow. The latter approach offers some degree of convenience which clients may well prefer, but it can be vulnerable to a security leak. Well, I will need to consider several things. Thanks for the reply.

Foust: @CodeChuck One thing, I agree: I need to try both ways, Passport's Authorization Code Grant with PKCE and Sanctum, in a test project. Actually I have prepared a folder for a Sanctum project, but suspended it because of time constraints.
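The token-issuing path the answer and the comments discuss (a machine client such as "app 1" calling "app 2"), as an added example that is not part of the original answer or of the Sanctum package's own code. It assumes Laravel 10 with Sanctum 3.x installed, the `HasApiTokens` trait on `App\Models\User`, and that the `abilities` middleware alias (`Laravel\Sanctum\Http\Middleware\CheckAbilities`) is registered in `app/Http/Kernel.php`; the ability names, route paths and 30-day lifetime are illustrative choices. The security point it shows, which the answer leaves implicit, is that a Sanctum token can and should be issued with a narrow ability list and an expiry rather than the default `['*']`, so that a leaked token (the concern raised in the comments) is bounded in what it can do and for how long.

```php
<?php
// routes/api.php (added example; assumptions listed in the lead-in above)

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

// Issue a token to a non-browser client in exchange for credentials.
// The plaintext token is returned exactly once; only its hash is stored.
Route::post('/tokens', function (Request $request) {
    $data = $request->validate([
        'email'       => ['required', 'email'],
        'password'    => ['required'],
        'device_name' => ['required', 'string', 'max:64'],
    ]);

    $user = User::where('email', $data['email'])->first();

    // Same error for unknown user and wrong password: no account enumeration.
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        throw ValidationException::withMessages([
            'email' => ['The provided credentials are incorrect.'],
        ]);
    }

    // Least privilege: grant only the abilities this integration needs,
    // never ['*'] (Sanctum's default). The expiry argument exists in
    // Sanctum >= 3.x; omit it on older versions and rely on revocation.
    $token = $user->createToken(
        $data['device_name'],                      // e.g. "hrd-app-1" (hypothetical)
        ['employees:write', 'performance:read'],   // hypothetical ability names
        now()->addDays(30)
    );

    return response()->json(['token' => $token->plainTextToken], 201);
});

Route::middleware('auth:sanctum')->group(function () {
    // Ability enforced by middleware: 403 unless the token carries performance:read.
    Route::get('/performance', function (Request $request) {
        return response()->json(['data' => []]);   // placeholder payload
    })->middleware('abilities:performance:read');

    // Same check done in code, useful when the ability depends on the request.
    Route::post('/employees', function (Request $request) {
        abort_unless($request->user()->tokenCan('employees:write'), 403);

        $employee = $request->validate([
            'employee_id' => ['required', 'string', 'max:32'],
            'name'        => ['required', 'string', 'max:128'],
        ]);

        return response()->json($employee, 201);   // persistence omitted
    });

    // Revoke only the token presented on this request, leaving the user's
    // other tokens (other integrations, other devices) untouched.
    Route::delete('/tokens/current', function (Request $request) {
        $request->user()->currentAccessToken()->delete();

        return response()->noContent();
    });
});
```

A client uses the token as `Authorization: Bearer <plaintext>` on each request. Note that this is the token path only; a first-party Vue SPA served from the same top-level domain, as in the original question, would instead use Sanctum's cookie-based session flow and never handle a bearer token in JavaScript.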
