DEV Community

Discussion on: Laravel Jetstream vs Breeze vs Laravel/ui

dramaticbean

Where does Sanctum fit in all this? I have been making a side project where Laravel and React are in different directories, and I had problems understanding the difference between Passport and Sanctum.

Nathan Heffley

Sanctum is a package to make it easy to authenticate stateless requests, specifically for APIs using tokens, and/or for SPA authentication without mucking around with JWT tokens.

It is something you could install alongside Breeze (especially if you are only using it for API tokens most likely) or if you are using it for SPA authentication it could be installed on its own. The docs are really good and were just revamped for devs new to Laravel:

Passport is a totally different beast. It provides your users a way to connect to your app using OAuth, which is almost certainly not how you want your users to connect to your API when using a first-party SPA (although there's nothing wrong with that if you really want to go that way). The Passport docs even have a section discussing Passport vs Sanctum:

Sahil Bhatia

Passport: --
Passport is for OAuth2, basically.
Ex: if you have seen any other application like "DEV", in which we are currently commenting, if you click sign up with GitHub it will take you to the GitHub OAuth page, where "DEV" will be authorized with an authentication token for nearly 1 year or so. So releasing tokens like this for other applications can be done by the Passport package in Laravel. (You can see GitHub login in many other applications, like GitLab, etc.)

Sanctum: --
Sanctum is just for having Laravel's cookie-based authentication for APIs, which we already have for the browser. It can be done with the help of laravel/ui, Fortify.

-- Conclusion: --
If you need a token for a single mobile app or SPA, you should use Sanctum, and if you need it for more than one application, you should use Passport.