Laravel 11 Authentication with Sanctum: Register, Login, and Protected Pages

Introduction

Laravel 11 provides a robust authentication system, and using Sanctum, we can implement API-based authentication efficiently. This guide covers setting up user authentication, managing account and dashboard pages, and protecting routes for categories and products. Unauthenticated users will be redirected to the login page.

Prerequisites

• Laravel 11 installed
• Composer and PHP 8.3+
• MySQL or any database supported by Laravel
• Postman or a frontend (Vue.js, React, or Blade) to test API calls

Step 1: Install Laravel 11

composer create-project laravel/laravel laravel11-auth
cd laravel11-auth

Step 2: Install Sanctum

composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

Add Sanctum’s middleware to app/Http/Kernel.php:

protected $middlewareGroups = [
    'api' => [
        \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];

Step 3: Set Up User Authentication

Create the AuthController:

php artisan make:controller AuthController

Modify app/Models/User.php to include Sanctum:

use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
}

Implement authentication in AuthController.php:

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Auth;
use App\Models\User;

class AuthController extends Controller
{
    public function register(Request $request)
    {
        $request->validate([
            'name' => 'required',
            'email' => 'required|email|unique:users',
            'password' => 'required|min:6'
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        $token = $user->createToken('auth_token')->plainTextToken;

        return response()->json(['token' => $token, 'user' => $user]);
    }

    public function login(Request $request)
    {
        if (!Auth::attempt($request->only('email', 'password'))) {
            return redirect()->route('login')->withErrors(['message' => 'Invalid credentials']);
        }
        
        $user = Auth::user();
        $token = $user->createToken('auth_token')->plainTextToken;
        
        return redirect()->route('dashboard');
    }

    public function logout()
    {
        Auth::user()->tokens()->delete();
        return redirect()->route('login');
    }
}

Step 4: Protect Routes

Define routes in routes/web.php:

use App\Http\Controllers\AuthController;
use App\Http\Controllers\CategoryController;
use App\Http\Controllers\ProductController;

Route::get('/login', function () {
    return view('auth.login');
})->name('login');

Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);

Route::middleware('auth:sanctum')->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    })->name('dashboard');
    Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
    Route::resource('/categories', CategoryController::class);
    Route::resource('/products', ProductController::class);
});

Step 5: Create Blade Files

Layout File

Create resources/views/layouts/app.blade.php:

<!DOCTYPE html>
<html>
<head>
    <title>@yield('title')</title>
</head>
<body>
    @yield('content')
</body>
</html>

Authentication Pages

Create resources/views/auth/login.blade.php:

@extends('layouts.app')
@section('title', 'Login')
@section('content')
<form method="POST" action="{{ route('login') }}">
    @csrf
    <input type="email" name="email" placeholder="Email" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Login</button>
</form>
@endsection

Create resources/views/auth/register.blade.php:

@extends('layouts.app')
@section('title', 'Register')
@section('content')
<form method="POST" action="{{ route('register') }}">
    @csrf
    <input type="text" name="name" placeholder="Name" required>
    <input type="email" name="email" placeholder="Email" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Register</button>
</form>
@endsection

Dashboard Page

Create resources/views/dashboard.blade.php:

@extends('layouts.app')
@section('title', 'Dashboard')
@section('content')
<h1>Welcome to Dashboard</h1>
<a href="{{ route('logout') }}">Logout</a>
@endsection

Categories and Products Pages

Create resources/views/categories/index.blade.php:

@extends('layouts.app')
@section('title', 'Categories')
@section('content')
<h1>Categories</h1>
<a href="{{ route('categories.create') }}">Add Category</a>
<ul>
@foreach($categories as $category)
    <li>{{ $category->name }}</li>
@endforeach
</ul>
@endsection

Create resources/views/products/index.blade.php:

@extends('layouts.app')
@section('title', 'Products')
@section('content')
<h1>Products</h1>
<a href="{{ route('products.create') }}">Add Product</a>
<ul>
@foreach($products as $product)
    <li>{{ $product->name }}</li>
@endforeach
</ul>
@endsection

Summary

We implemented Laravel 11 authentication with Sanctum and Blade templates, including registration, login, and protected routes for dashboard, categories, and products. Unauthorized users are redirected to the login page, ensuring a secure authentication system with user-friendly Blade templates.