laravel-auth_skill

This skill helps you implement secure Laravel authentication and authorization using Sanctum, Passport, Fortify, and policies across modules.
  • TypeScript

2

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill fusengine/agents --skill laravel-auth

  • SKILL.md9.1 KB

Overview

This skill guides implementing authentication and authorization for Laravel 12 projects, covering Sanctum, Passport, Fortify, Socialite, policies, and gates. It provides a clear decision flow, FuseCore module patterns, and a checklist to enforce secure defaults. Use it to choose the right package and apply consistent, auditable access control across modules.

How this skill works

The skill inspects project structure, config, and module dependencies to locate auth code and policies. It recommends a workflow that spawns agents to explore the codebase, validate docs, and query patterns before changes, then runs a validation agent after implementation. It maps guards, providers, token abilities, and FuseCore module wiring into practical tasks and templates for setup and testing.

When to use it

  • Setting up API tokens, SPA auth, or mobile token auth (Sanctum).
  • Building a headless backend or custom frontend authentication (Fortify).
  • Providing third-party OAuth2 access for external apps (Passport).
  • Adding social login (Socialite) or starter kit scaffolding for new projects.
  • Implementing model-level authorization with policies and gates.
  • Integrating authentication into FuseCore modular projects.

Best practices

  • Always hash passwords (Hash::make or hashed cast) and never store plain text.
  • Use policies for model authorization; avoid inline if checks in controllers.
  • Regenerate session after login to prevent session fixation.
  • Define token abilities and apply least-privilege to API tokens.
  • Enable HTTPS and secure cookies in production; rate limit login attempts.

Example use cases

  • Configure Sanctum for an SPA on the same domain with cookie-based authentication.
  • Use Fortify for a headless API that handles custom registration and 2FA flows.
  • Set up Passport to expose OAuth2 scopes for third-party integrations.
  • Add Socialite to support Google and GitHub login for quick social onboarding.
  • Place user auth and policies into a FuseCore User module and declare dependencies for other modules.

FAQ

Use Sanctum for first-party APIs, SPA auth, or mobile apps where you control client and server. Choose Passport only when you need a full OAuth2 server for third-party access.

Where should authorization logic live?

Put authorization in policies and gates. Call authorize() in controllers or authorizeResource in resource controllers; avoid embedding access checks directly in controller actions.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
laravel-auth skill by fusengine/agents | VeilStrat