mercredi 22 avril 2020

Are Sanctum and Laravel's default auth the same if not used for tokens?

I'm not quite sure about what is meant in the Laravel documentation, so I'm asking to be sure.

We have the default authentication of Laravel on one side and Sanctum on the other.

It is stated that Sanctum can either do Tokens or simply implement auth. :

For this feature, Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services. This provides the benefits of CSRF protection, session authentication, as well as protects against leakage of the authentication credentials via XSS. Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend.

Therefor if Tokens are nevers used, Sanctum is basically the same as the default Authentication method, am I correct? Basically, does it implement the default authentication and add tokens if needed on top of that?

Thanks for reading



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire