How to optionally authenticate with Laravel Sanctum?

Question

I'm using Laravel Sanctum to authenticate users. I'd like to have a route that can be accessed by guests and logged in users. Logged in users send an API Token in the Authorization header.

I've tried making a route without authentication, but that way I can't see the logged in user.

Route::get('noauth', function() {
  return Auth::check();
});

GET /noauth with auth header returns false, user is not logged in
GET /noauth without auth header returns false, user is not logged in

I've also tried using auth:sanctum middleware, but that way guests can't access the page.

Route::get('yesauth', function() {
  return Auth::check();
})->middleware('auth:sanctum');

GET /yesauth with auth header returns true, the user is logged in
GET /yesauth withouth auth header returns 401, unauthorized

The solution should return true with auth headers, and false without auth headers.

@ceejayoz It returned false regardless of auth headers. I may have misconfigured something, because I only use this laravel app for APIs. And `Auth::guard('api')` returns errors. — Gergő Gutyina, Nov 11 '21 at 06:05
if you do `auth('sanctum')->user()`, you can get the user. It will return null if the user is not logged in. ` — FONGOH MARTIN, Apr 25 '22 at 19:57

score 0 · Answer 1 · answered Aug 30 '23 at 02:38

You can check if there is token in the request.

If token is present try to get the user from Sanctum auth guard and assign it as the current user.

if (request()->bearerToken() && $user = Auth::guard('sanctum')->user()) {
    Auth::setUser($user);
}

return Auth::check() // false for guest users, true if valid token present

score -1 · Accepted Answer · answered Nov 14 '21 at 16:52

-1

Auth is using the web guard by default. Change it to sanctum in /config/auth.php:

'defaults' => [
    // 'guard' => 'web',
    'guard' => 'sanctum',
    'passwords' => 'users',
],

answered Nov 14 '21 at 16:52

Gergő Gutyina

129
1
12

How to optionally authenticate with Laravel Sanctum?

2 Answers2