Laravel Sanctum: Secure Authentication for APIs and SPAs
Learn how to secure APIs and single-page applications using Laravel Sanctum with token and session authentication.
Jonathan Miller
October 31, 2025
Modern applications often use JavaScript frontends or mobile apps that talk to a backend API. Laravel Sanctum provides a simple way to authenticate these clients.
Sanctum supports two common patterns:
- Cookie-based authentication for SPAs
- Token-based authentication for APIs
## Installing Sanctum
```bash
composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
```
For the SPA cookie pattern, add `\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class` to the `api` middleware group in `app/Http/Kernel.php` and list the frontend origin in `SANCTUM_STATEFUL_DOMAINS`. Protect routes with the `auth:sanctum` middleware, which accepts either the session cookie or a bearer token. On Laravel 11 and later there is no `Kernel.php`: run `php artisan install:api` instead of the commands above and enable the stateful middleware with `$middleware->statefulApi()` in `bootstrap/app.php`.
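As an added example (not code from the original article), this is what the SPA cookie pattern looks like once Sanctum is installed on Laravel 10: the `api` middleware group gets `EnsureFrontendRequestsAreStateful`, `routes/web.php` exposes a session-based login and logout, and `routes/api.php` has a protected route. The frontend first calls `GET /sanctum/csrf-cookie` (a route Sanctum registers itself), then posts to `/login` with the `X-XSRF-TOKEN` header and `credentials: 'include'`. The hostnames in the `.env` comment are assumptions for illustration.

```php
<?php
// Added example for the SPA (cookie) pattern on Laravel 10; not from the original article.
//
// 1) app/Http/Kernel.php: only the "api" group is shown; keep the rest of the default file.
//     'api' => [
//         \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
//         \Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
//         \Illuminate\Routing\Middleware\SubstituteBindings::class,
//     ],
//
// 2) .env: the SPA origin(s) allowed to authenticate with the session cookie (assumed hosts):
//     SANCTUM_STATEFUL_DOMAINS=app.example.test
//     SESSION_DOMAIN=.example.test
//
// 3) config/cors.php: 'supports_credentials' => true and 'allowed_origins' limited to the SPA,
//    otherwise the browser will not send the cookie cross-origin.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

// 4) routes/web.php: session login/logout. The "web" group already runs StartSession and
//    VerifyCsrfToken, so the SPA must have fetched /sanctum/csrf-cookie before calling this.
Route::post('/login', function (Request $request) {
    $credentials = $request->validate([
        'email'    => ['required', 'email'],
        'password' => ['required'],
    ]);

    if (! Auth::attempt($credentials)) {
        // One message for both "unknown e-mail" and "wrong password": do not leak which one failed.
        throw ValidationException::withMessages(['email' => ['The provided credentials are incorrect.']]);
    }

    // Rotate the session ID on login to defeat session fixation.
    $request->session()->regenerate();

    return response()->noContent();
})->middleware('throttle:6,1');   // slow down credential stuffing

Route::post('/logout', function (Request $request) {
    Auth::guard('web')->logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();

    return response()->noContent();
})->middleware('auth');

// 5) routes/api.php: auth:sanctum accepts the session cookie from a stateful domain
//    (SPA) or a Bearer token (mobile/API client), so one route serves both.
Route::middleware('auth:sanctum')->group(function () {
    Route::get('/user', fn (Request $request) => $request->user());
});
```

Because the session cookie is the credential here, the usual cookie rules apply: `SESSION_SECURE_COOKIE=true` in production, `SameSite=Lax` (the Laravel default), and CSRF protection, which `EnsureFrontendRequestsAreStateful` enforces for stateful requests.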
## Token authentication example
Issue a token only after the user's credentials have been verified (for example, in a login controller):
```php
// plainTextToken is available only on this response; the personal_access_tokens
// table stores a SHA-256 hash, so the plaintext can never be read back later.
$token = $user->createToken('mobile-app')->plainTextToken;
return response()->json(['token' => $token]);
```
Send it on every request in the `Authorization` header. It is a bearer credential, so anyone holding it is the user: transmit it only over HTTPS and keep it out of logs and URLs.
```http
Authorization: Bearer your_token_here
```
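As an added example (not code from the original article), the token flow above with the checks a practitioner would expect: credentials verified before issuance, a token scoped to named abilities with an expiry, abilities enforced per route, and logout that revokes only the calling token. The ability names (`orders:read`, `orders:write`), the `device_name` field and the 30-day lifetime are illustrative assumptions; `createToken(name, abilities, expiresAt)` with the third argument is Sanctum 3 and later.

```php
<?php
// Added example: token issuance for a mobile/API client (routes/api.php); not from the original article.
// Ability names, the device_name field and the 30-day lifetime are illustrative assumptions.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

// Issue a token only after verifying the credentials; rate-limited to slow credential stuffing.
Route::post('/token', function (Request $request) {
    $data = $request->validate([
        'email'       => ['required', 'email'],
        'password'    => ['required'],
        'device_name' => ['required', 'string', 'max:100'],
    ]);

    $user = User::where('email', $data['email'])->first();

    // One failure message for both "no such user" and "wrong password".
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        throw ValidationException::withMessages(['email' => ['The provided credentials are incorrect.']]);
    }

    // Least privilege: grant only what this client needs and give the token a lifetime.
    // The defaults are ['*'] (every ability) and no expiry.
    $newToken = $user->createToken(
        $data['device_name'],      // shown in the user's device list; lets them revoke one device
        ['orders:read'],
        now()->addDays(30)
    );

    // plainTextToken exists only here; the database row holds sha256($token).
    return response()->json([
        'token'      => $newToken->plainTextToken,
        'expires_at' => $newToken->accessToken->expires_at,
    ]);
})->middleware('throttle:6,1');

Route::middleware('auth:sanctum')->group(function () {
    // Per-route enforcement. "ability" passes if the token has ANY listed ability,
    // "abilities" requires ALL of them; on Laravel 10 register both aliases in
    // app/Http/Kernel.php ($middlewareAliases) pointing at
    // Laravel\Sanctum\Http\Middleware\CheckForAnyAbility and CheckAbilities.
    Route::get('/orders', fn (Request $request) => ['orders' => []])
        ->middleware('ability:orders:read');

    // Inline check. A first-party session user (SPA) passes tokenCan() automatically.
    Route::post('/orders', function (Request $request) {
        abort_unless($request->user()->tokenCan('orders:write'), 403);
        // ... create the order
        return response()->json(['status' => 'created'], 201);
    });

    // Revoke only the token that made this request; the user's other devices stay signed in.
    // For Bearer-token clients: a session (SPA) user has a TransientToken with no delete().
    Route::post('/logout', function (Request $request) {
        $request->user()->currentAccessToken()->delete();

        return response()->noContent();
    });
});
```

To revoke every token a user holds (for example after a password change), delete the whole collection with `$user->tokens()->delete()`. A global lifetime can also be set in minutes through `sanctum.expiration` in `config/sanctum.php`; expired rows stay in the table until `php artisan sanctum:prune-expired` removes them.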
## Request flow
```mermaid
flowchart LR
A[Client Login] --> B[Laravel Auth]
B --> C[Issue Token]
C --> D[Client Stores Token]
D --> E[API Requests]
E --> F[Sanctum Middleware]
```
Sanctum covers first-party clients (your own SPA and mobile app) without the OAuth2 machinery of Laravel Passport; reach for Passport only when third-party applications need delegated access. Remember that Sanctum stores only a SHA-256 hash of each token: the plaintext is shown once at creation, should travel only over HTTPS, and should be revocable (delete the row, or give it an expiry) rather than treated as permanent.
In the next tutorial, we will intercept requests using middleware.
Tags: #Laravel #API #Auth #Advanced