mirror of
https://github.com/stancl/tenancy-docs.git
synced 2025-12-12 10:14:03 +00:00
250f0143ef
Added instructions for integrating Laravel Sanctum's API token authentication with Tenancy for Laravel in Laravel 12, including middleware configuration.
74 lines
3.4 KiB
Markdown
74 lines
3.4 KiB
Markdown
---
|
||
title: Laravel Sanctum integration
|
||
extends: _layouts.documentation
|
||
section: content
|
||
---
|
||
|
||
# Laravel Sanctum {#sanctum}
|
||
|
||
> Note: The `sanctum` auth guard can't be used with [user impersonation]({{ $page->link('features/user-impersonation') }}) because user impersonation supports stateful guards only.
|
||
|
||
Laravel Sanctum works with Tenancy out of the box, with the exception of the `sanctum.csrf-cookie` route. You can make some small changes to make the route work.
|
||
|
||
### Making the csrf-cookie route work in the tenant app {#csrf-cookie-route-in-tenant-app}
|
||
|
||
To make the `sanctum.csrf-cookie` route work in the tenant app, do the following:
|
||
|
||
1. Add `'routes' => false` to the `sanctum.php` config
|
||
2. Publish the Sanctum migrations and move them to `migrations/tenant`
|
||
3. Make Sanctum not use its migrations in the central app by adding `Sanctum::ignoreMigrations()` to the `register()` method in your `AuthServiceProvider`
|
||
4. Add the following code to `routes/tenant.php` to override the original `sanctum.csrf-cookie` route:
|
||
|
||
```php
|
||
Route::group(['prefix' => config('sanctum.prefix', 'sanctum')], static function () {
|
||
Route::get('/csrf-cookie', [CsrfCookieController::class, 'show'])
|
||
->middleware([
|
||
'web',
|
||
InitializeTenancyByDomain::class // Use tenancy initialization middleware of your choice
|
||
])->name('sanctum.csrf-cookie');
|
||
});
|
||
```
|
||
|
||
### Making the csrf-cookie route work both in the central and the tenant app {#csrf-cookie-route-in-both-apps}
|
||
|
||
To use the `sanctum.csrf-cookie` route in both the central and the tenant apps:
|
||
|
||
1. Follow the steps in the previous section ("Sanctum's csrf-cookie route in the tenant app")
|
||
2. Set up [universal routes]({{ $page->link('features/universal-routes') }})
|
||
3. Remove `Sanctum::ignoreMigrations()` from your `AuthServiceProvider`'s `register()` method
|
||
4. Remove `'routes' => false` from the `sanctum.php` config
|
||
5. Add the `'universal'` middleware to the `sanctum.csrf-cookie` route in your `routes/tenant.php`
|
||
|
||
### Sanctum API Token Integration with Laravel 12 {#sanctum-api-token-integration-laravel-12}
|
||
|
||
When integrating **Laravel Sanctum’s API token authentication** with **Tenancy for Laravel** in **Laravel 12**, you may encounter an issue where:
|
||
|
||
```php
|
||
$request->user(); // returns null
|
||
```
|
||
even though you have correctly applied the auth:sanctum middleware.
|
||
|
||
This happens because, in Laravel 12, middleware registration is handled via the new bootstrap/app.php file, and the tenancy initialization middleware must run before Sanctum’s authentication middleware in the API middleware stack.
|
||
|
||
To resolve this, update your bootstrap/app.php as follows:
|
||
```php
|
||
use App\Http\Middleware\InitializeTenancyBySubDomain;
|
||
use Illuminate\Foundation\Configuration\Middleware;
|
||
|
||
return Application::configure(basePath: dirname(__DIR__))
|
||
->withMiddleware(function (Middleware $middleware): void {
|
||
$middleware->web([]);
|
||
|
||
// 👇 Important: Prepend tenancy middleware before Sanctum runs
|
||
$middleware->api(prepend: [
|
||
InitializeTenancyBySubDomain::class,
|
||
]);
|
||
})
|
||
->create();
|
||
```
|
||
|
||
With this change, the tenancy context initializes before Sanctum authenticates the user, allowing $request->user() to resolve correctly to the authenticated tenant user.
|
||
|
||
Note: In earlier Laravel versions (≤11), middleware order was managed in app/Http/Kernel.php.
|
||
Since Laravel 12 replaces that with bootstrap/app.php, explicit ordering via withMiddleware() is now required.
|
||
|