11 changes: 11 additions & 0 deletions CHANGELOG.md
Expand Up @@ -12,6 +12,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed

- **Auth Configuration: Set sanctum as default guard** (#134)
- Changed default guard from `'web'` to `'sanctum'` in `config/auth.php`
- Added explicit `sanctum` guard configuration to guards array
- Updated documentation comments to explain API-only, token-based architecture
- Aligns configuration with actual authentication mechanism (all routes use `auth:sanctum`)
- Self-documenting: Config now clearly shows SecPal is API-only (React PWA frontend)
- Consistent with User model `$guard_name = 'sanctum'` property (#129)
- No behavior change: All 207 tests passing

### Fixed

- **Permission System Guard Migration** - Migrated from 'web' to 'sanctum' guard (#126, #127, #128, #129)
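Review bot: The last bullet of the new entry, "No behavior change: All 207 tests passing", claims more than passing tests can show. Changing the default guard from `'web'` to `'sanctum'` changes what every unqualified guard lookup resolves to (an `auth` middleware with no guard name, or any call that relies on the default), so the accurate statement is that routes already declared with `auth:sanctum` are unaffected. Suggest rewording the bullet along those lines and adding that a deployment which sets `AUTH_GUARD` keeps whatever value it sets.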
28 changes: 17 additions & 11 deletions config/auth.php
Expand Up @@ -10,14 +10,17 @@
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option defines the default authentication "guard" and password
| reset "broker" for your application. You may change these values
| as required, but they're a perfect start for most applications.
| SecPal is an API-only application (React PWA frontend) using stateless
| token-based authentication via Laravel Sanctum. The default guard is
| set to 'sanctum' to reflect this architecture.
|
| The 'web' guard is kept for Laravel's password reset flow (stateless
| token-based verification), but is NOT used for actual authentication.
|
*/

'defaults' => [
'guard' => env('AUTH_GUARD', 'web'),
'guard' => env('AUTH_GUARD', 'sanctum'),
'passwords' => env('AUTH_PASSWORD_BROKER', 'users'),
],

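Review bot: On the `'guard' => env('AUTH_GUARD', 'sanctum')` line only the fallback value changes, so any environment that still defines `AUTH_GUARD=web` keeps the session guard as its default and the new comment block above becomes untrue for that deployment. Either confirm that the example env file and the deployed environments do not set the variable, or drop the env lookup, since the comment presents sanctum as the architecture rather than a tunable. Separately, the comment describes the `'web'` flow as "stateless" while the guard entry that stays in the guards array uses the `session` driver; the wording should say which part of the password reset flow is token-based.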
Expand All @@ -26,15 +29,13 @@
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| which utilizes session storage plus the Eloquent user provider.
| SecPal uses Laravel Sanctum for API token authentication. All API routes
| are protected with the 'sanctum' guard (stateless Bearer tokens).
|
| All authentication guards have a user provider, which defines how the
| users are actually retrieved out of your database or other storage
| system used by the application. Typically, Eloquent is utilized.
| The 'web' guard remains configured for Laravel's password reset email
| verification flow only. It is NOT used for actual user authentication.
|
| Supported: "session"
| Supported drivers: "session", "sanctum"
|
*/

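Review bot: The sentence "It is NOT used for actual user authentication" in the new comment is a convention, not something this change enforces: the `'web'` guard stays fully configured, so a route later declared with `auth:web` would authenticate by session without anything failing. Suggest a test that asserts no registered route uses the `web` guard, and have the comment refer to it. The removed paragraph was also the only explanation of what the `provider` key means; a one-line mention would keep the block self-explanatory.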
Expand All @@ -43,6 +44,11 @@
'driver' => 'session',
'provider' => 'users',
],

'sanctum' => [
'driver' => 'sanctum',
'provider' => 'users',
],
],

/*
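Review bot: The new `'sanctum'` entry sets `'provider' => 'users'` without a comment, while the changelog entry for this change states there is no behavior change. Please confirm that token lookups resolved users through the same provider before this explicit entry existed, and add a small test that pins the default guard together with this entry's driver and provider, so a later edit cannot silently revert them.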