API Laravel Jetstream



Introduction

Jetstream includes first-party integration with Laravel Sanctum. Laravel Sanctum provides a featherweight authentication system for SPAs (single-page applications), mobile applications, and simple, token-based APIs. Sanctum allows each user of your application to generate multiple API tokens for their account. These tokens may be granted abilities / permissions that specify which actions the tokens are allowed to perform.

By default, the API token creation panel may be accessed using the "API" link of the top-right user profile dropdown menu. From this screen, users may create Sanctum API tokens that have various permissions.

Sanctum Documentation
For more information on Sanctum and to learn how to issue requests to a Sanctum authenticated API, please consult the official Sanctum documentation.

Enabling API Support

If your application will be offering an API to third parties, you must enable Jetstream's API feature. To do so, you should uncomment the relevant entry in the features configuration option of the config/jetstream.php configuration file:

'features' => [
    Features::profilePhotos(),
    Features::api(),
    Features::teams(),
],

Defining Permissions

The permissions available to API tokens are defined using the Jetstream::permissions method within your application's JetstreamServiceProvider. Permissions are just simple strings. Once they have been defined they may be assigned to an API token:

Jetstream::defaultApiTokenPermissions(['read']);

Jetstream::permissions([
    'create',
    'read',
    'update',
    'delete',
]);

The defaultApiTokenPermissions method may be used to specify which permissions should be selected by default when creating a new API token. Of course, a user may uncheck a default permission before creating the token.

Authorizing Incoming Requests

Every request made to your Jetstream application, even to authenticated routes within your routes/web.php file, will be associated with a Sanctum token object. You may determine if the associated token has a given permission using the tokenCan method provided by the Laravel\Sanctum\HasApiTokens trait. This trait is automatically applied to your application's App\Models\User model during Jetstream's installation:

$request->user()->tokenCan('read');

First-Party UI Initiated Requests

When a user makes a request to a route within your routes/web.php file, the request will typically be authenticated by Sanctum through a cookie-based web guard. Since the user is making a first-party request through the application UI in this scenario, the tokenCan method will always return true.

At first, this behavior may seem strange; however, it is convenient to be able to always assume an API token is available and can be inspected via the tokenCan method. This means that within your application's authorization policies you may always call this method without fear that there is no token associated with the request.
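
Because tokenCan always returns true for first-party UI requests, it only narrows what an API token may do; it does not decide which records a user may touch. The policy below is an added example, not code from the Jetstream documentation: it pairs each permission check with an ownership check, and it assumes a hypothetical App\Models\Post model with an integer user_id column.

```php
<?php

namespace App\Policies;

use App\Models\Post; // hypothetical model, assumed to have an integer user_id column
use App\Models\User;

class PostPolicy
{
    /**
     * API token: needs the 'read' permission AND the user must own the post.
     * Cookie-authenticated UI request: tokenCan() is true, so ownership decides.
     */
    public function view(User $user, Post $post): bool
    {
        return $user->tokenCan('read') && $this->owns($user, $post);
    }

    /**
     * A token issued with only the default ['read'] permission is refused here,
     * even when the token's user owns the post.
     */
    public function update(User $user, Post $post): bool
    {
        return $user->tokenCan('update') && $this->owns($user, $post);
    }

    public function delete(User $user, Post $post): bool
    {
        return $user->tokenCan('delete') && $this->owns($user, $post);
    }

    /**
     * Ownership is checked on every path; it is the only check that
     * constrains first-party requests.
     */
    private function owns(User $user, Post $post): bool
    {
        return (int) $post->user_id === (int) $user->id;
    }
}
```

A controller would invoke it with `$this->authorize('update', $post)`, for both cookie-authenticated and token-authenticated requests.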

Original Web-site:
https://jetstream.laravel.com/1.x/features/api.html
