In this episode, we walk through installing Laravel Sanctum and setting it up for use with a single-page application (SPA). We start by consulting the Sanctum documentation, making sure we're following the latest recommended steps. The video explains the two main use cases for Sanctum—API token authentication and SPA authentication—and we're specifically setting things up for SPA authentication.
We run the Sanctum installation command, migrate the database (even though the personal access tokens table isn't needed in our scenario), and skip adding the API tokens trait to our model, since that's not relevant to SPA auth.
Next, we configure the stateful domains so our frontend can communicate with the backend securely. We update our .env and Sanctum config files to include the correct domain (with the right port if needed), and talk about why certain domains need to be listed as “stateful.”
Then we add the Sanctum middleware to make sure cookies are handled correctly between our client app and API. We dig into the CORS configuration, ensuring our SPA and API can talk to each other and that the right endpoints (including those Fortify will add later, like login and register) are whitelisted.
The episode wraps up with adjusting session cookie domain settings to match our configuration, making sure everything lines up for authentication to work smoothly. We mention some common troubleshooting steps, since getting SPA authentication working with Sanctum can sometimes require tweaking these settings later. Once everything’s in place, we're ready to move on to integrating Laravel Fortify in the next episode!
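The settings described above, written out as an added example that is not taken from the episode or the Sanctum documentation. It assumes the SPA is served from http://localhost:3000 and the API from http://localhost:8000; those hosts and ports are constructed values, and `FRONTEND_URL` is a hypothetical variable name.

```php
<?php
// config/cors.php: added example; hosts and ports are constructed values.
//
// Matching .env entries (SPA on localhost:3000, API on localhost:8000):
//   SANCTUM_STATEFUL_DOMAINS=localhost:3000   # host plus port, no scheme
//   SESSION_DOMAIN=localhost                  # in production: .example.com
//   FRONTEND_URL=http://localhost:3000        # hypothetical variable name

return [
    // Routes that answer cross-origin requests from the SPA. The login and
    // register routes come from Fortify; sanctum/csrf-cookie is the Sanctum
    // endpoint that issues the XSRF-TOKEN cookie before the first login.
    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'register'],

    'allowed_methods' => ['*'],

    // Name the SPA origin exactly. Browsers refuse a wildcard
    // Access-Control-Allow-Origin on requests that carry credentials.
    'allowed_origins' => [env('FRONTEND_URL', 'http://localhost:3000')],

    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,

    // Required so the browser sends and accepts the session cookie.
    'supports_credentials' => true,
];
```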