How to Build Laravel 11 API From Scratch

Authentication Overview: Sanctum, Passport or JWT?

In this section of the course, we will talk about API authentication. There are different methods to do that. In the first lesson of this section, we will have an overview of what we will be talking about.


Historically, the first Laravel package for API authentication was JSON Web Token Authentication (JWT). Using this package was a popular way to authenticate simple APIs.

But then, in 2016, Taylor Otwell released Laravel Passport, which came with version 5.3. It was intended for more complex authentication: Laravel Passport is an OAuth server, and OAuth allows for much more complex authentication flows. If the consumer of your API is another application, or if you rely on OAuth-based social login, such as logging in with GitHub, then Passport was the package to use.

For some time, there were two groups of developers: one that used JWT and one that used Passport. But learning Passport is challenging, and OAuth is complex in itself. That is why, with Laravel version 7, Taylor Otwell introduced Laravel Sanctum. Now, Sanctum comes with the default Laravel installation.

Many people are building SPA applications, with Vue.js for example, and using Laravel only for the backend API. For such applications, Laravel Sanctum provides a simple authentication solution.

Laravel Sanctum covers three use cases: token-based API authentication, SPA authentication, and mobile application authentication. That is all the basic cases you would need. For that reason, especially for those new to API authentication, I recommend using Laravel Sanctum, mainly because it comes with the default Laravel installation and is a first-party Laravel package.

In the following lessons, we will use Laravel Sanctum.