In this episode, we tackle the problem of exposing team IDs in a Laravel Jetstream application—something you probably want to avoid if you're aiming for a bit more privacy or security (or just prefer UUIDs over incremental integers). We walk through how Jetstream, by default, exposes simple integer IDs everywhere—for example, in your URLs and hidden form inputs—and how you can switch all of this over to using UUID instead.
First, we update the database: we add a UUID column to the teams
table and make sure it's auto-filled on new teams using an Eloquent model event. Then, you’ll see how to swap Jetstream’s default route handling for your own customized routes and controllers so you can swap IDs for UUIDs everywhere in the app. We copy over the Jetstream routes to our local app, disable the default Jetstream route registration, and hook up our own controllers.
A big chunk of the process is updating all the spots Jetstream exposes the internal team ID. That means updating Blade views like the navigation and team switchers so everything points to the team UUID instead. For those Blade components tucked away in Jetstream’s vendor code, we duplicate them locally and edit as needed. There's some copy-pasting and a bit of code wrangling, but it's all pretty straightforward once you see the pattern.
Finally, we update logic everywhere an ID was being used (lookups, switches, etc.) to use the UUID instead, so now all team URLs and forms show the UUID. As a result, users no longer see the simple auto-incrementing IDs anywhere. The underlying logic with user-team relationships is untouched, so everything else still works as before. The episode wraps up with everything working nicely using UUIDs, and those numeric IDs hidden from the frontend.
Overall, it's a real-world walkthrough of extending and overriding vendor boilerplate in Laravel Jetstream, so you get a good feel for how to take control of your own app’s security and structure!