mirror of https://github.com/stancl/tenancy-docs.git synced 2025-12-12 10:14:03 +00:00

2022-12-15 11:36:17 +01:00

1.8 KiB

Raw Blame History

title	extends	section
Laravel Sanctum integration	_layouts.documentation	content

Laravel Sanctum

Note: The sanctum auth guard can't be used with [user impersonation]({{ $page->link('features/user-impersonation') }}) because user impersonation supports stateful guards only.

Laravel Sanctum works with Tenancy out of the box, with the exception of the sanctum.csrf-cookie route.

To make the sanctum.csrf-cookie route work in the tenant app, do the following:

Add 'routes' => false to the sanctum.php config
Publish the Sanctum migrations and move them to migrations/tenant
Make Sanctum not use its migrations in the central app by adding Sanctum::ignoreMigrations() to the register() method in your AuthServiceProvider
Add the following code to routes/tenant.php to override the original sanctum.csrf-cookie route:

Route::group(['prefix' => config('sanctum.prefix', 'sanctum')], static function () {
    Route::get('/csrf-cookie', [CsrfCookieController::class, 'show'])
        ->middleware([
            'web',
            InitializeTenancyByDomain::class // Use tenancy initialization middleware of your choice
        ])->name('sanctum.csrf-cookie');
});

To use the sanctum.csrf-cookie route in both the central and the tenant apps:

Follow the steps in the previous section ("Sanctum's csrf-cookie route in the tenant app")
Set up [universal routes]({{ $page->link('features/universal-routes') }})
Remove Sanctum::ignoreMigrations() from your AuthServiceProvider's register() method
Remove 'routes' => false from the sanctum.php config
Add the 'universal' middleware to the sanctum.csrf-cookie route in your routes/tenant.php

1.8 KiB Raw Blame History

Laravel Sanctum

Making the csrf-cookie route work in the tenant app

Making the csrf-cookie route work both in the central and the tenant app

1.8 KiB

Raw Blame History