Using both Laravel Sanctum and Laravel Passport, together?

[lucasdcrk]

Hi,

I searched online for a way to use both passport and sanctum, which is not possible at the time as both packages would override each other. Most of the answers says that there is no need for both of them, you either chooser the simplicity of Sanctum or the fully fledge passport.

But I think they should be able to be used complementarily, let's me explain:

I have an app with Sanctum, which I love for authenticating first party apps (made by me) and allowing my users to create API tokens in a simple manner.
But I would also like to provide OAuth for third party apps / utilities. Using sanctum is great for everything first party (users can enter they credentials on the mobile app safely) but I would rather use OAuth to avoid my users having to enter their password on an app made by a third party.

So I could switch sanctum and go for passport but I will lose the ability for my users to create API tokens simple and they would be forced to OAuth too (I guess?). Though I would still be able to use password grant for my mobile app.
Or I could keep sanctum and create my own wrapper for the PHP League OAuth package?

Has someone face the same challenge as me? Would love to hear your thoughts!

Regards,

[r0bdiabl0]

This would be great as they solve 2 entirely different use cases.

[schonhoff]

Hey,
I faced the same challenge and got it to work. I needed two User Models (one is the standard User and one is an ApiUser). After that you need some modifications on the auth.php config file:

    'guards' => [
        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],

        'api-sanctum' => [
            'driver' => 'sanctum',
            'provider' => 'api-users',
        ],
        [...]
      ],

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],

        'api-users' => [
            'driver' => 'eloquent',
            'model' => App\Models\ApiUser::class,
        ],

        [...]
    ],

Now the ApiUser can use Sanctums HasApiToken and the normal User can use Passports HasApiTokens. Both extends a BaseUser Model which holds the relations and such stuff.

Now you can use 'auth:api-sanctum' on routes as a middleware and an api-Passport middleware on other routes.

I found the solution by some googling, but I can't find it at the moment (maybe I'm using the wrong keywords again :D ). But maybe this is at least a direction you can work with.

[kyuchukovv]

@schonhoff What if I like to use both middlewares for same routes?

[schonhoff]

I would guess that this is not possible. But you can try it out locally

[kyuchukovv]

Currently I am trying yes, probably I don't need Passport.
I am using Socialite to receive oauth2 providers data and save the tokens in db. Then I am logging the user and consuming api endpoints.
Will post if I succeed and is not a complete mess.

[avianheit07]

I've tried this approach but I keep getting 'Socket hang up' for unauthenticated users in sanctum. Have you encountered this? Can you provide more details on how to properly set this up please?

[schonhoff]

Sorry, but it works for us for 3 years now with the solution mentioned above. Maybe you did something wrong?

[KateKoltsova]

But why can't you use passport tokens for all users?

[mrimran]

There can be number of scenarios, then common ones are:
1 - The application is already built on sanctum and now that also required OAuth functionality.
2 - For standard auth process application wants to stay with simple token based approach of sactum and want to use passport for 3rd party auth systems.