tenancy-docs/source/docs/v3/integrations/sanctum.blade.md

title	extends	section
Laravel Sanctum integration	_layouts.documentation	content

Laravel Sanctum

Note: The sanctum auth guard can't be used with [user impersonation]({{ $page->link('features/user-impersonation') }}) because user impersonation supports stateful guards only.

Laravel Sanctum works with Tenancy out of the box, with the exception of the sanctum.csrf-cookie route. You can make some small changes to make the route work.

Making the csrf-cookie route work in the tenant app

To make the sanctum.csrf-cookie route work in the tenant app, do the following:

1. Add 'routes' => false to the sanctum.php config
2. Publish the Sanctum migrations and move them to migrations/tenant
3. Make Sanctum not use its migrations in the central app by adding Sanctum::ignoreMigrations() to the register() method in your AuthServiceProvider
4. Add the following code to routes/tenant.php to override the original sanctum.csrf-cookie route:

Route::group(['prefix' => config('sanctum.prefix', 'sanctum')], static function () {
    Route::get('/csrf-cookie', [CsrfCookieController::class, 'show'])
        ->middleware([
            'web',
            InitializeTenancyByDomain::class // Use tenancy initialization middleware of your choice
        ])->name('sanctum.csrf-cookie');
});

Making the csrf-cookie route work both in the central and the tenant app

To use the sanctum.csrf-cookie route in both the central and the tenant apps:

1. Follow the steps in the previous section ("Sanctum's csrf-cookie route in the tenant app")
2. Set up [universal routes]({{ $page->link('features/universal-routes') }})
3. Remove Sanctum::ignoreMigrations() from your AuthServiceProvider's register() method
4. Remove 'routes' => false from the sanctum.php config
5. Add the 'universal' middleware to the sanctum.csrf-cookie route in your routes/tenant.php