Authentication Basics

The Starter Kit uses Laravel Sanctum for authentication scaffolding on the backend. Since Sanctum is a very powerful package that comes with all necessary Models and Controllers out of the box, the amount of configuration and adaptation on the backend is minimal. The frontend, however, requires heavier lifting.

On the frontend, the UI components for authentication live under /client/pages/user. Because all endpoint calls are conducted via the Redux API, the functions for calling the authentication endpoints live under /client/store/auth. The auth store is located in authReducer.tsx, while the authActions.tsx file holds all necessary methods. These are:

  • loadUser() loads the currently authenticated user
  • login() logs in an unauthenticated user by email and password
  • register() registers a new user by name, email, password and password confirmation
  • logout() logs the currently authenticated user out
  • forgotPassword() sends a password-reset link by mail to a given email address
  • resetPassword() changes or resets the password of a user via the link she received by mail after calling the forgotPassword() function. For security reasons, the function requires a confirmation of the email, a token and the new password.
  • verifyEmail() confirms the email address of a newly registered user. For security reasons, the function requires the userID, a hash, the expiration and a signature. All these values are sent to the user by mail upon registration.
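
What each of the four verifyEmail() values protects against can be seen in a simplified model of a signed, expiring link, written as JavaScript for Node. This is an added example, not the Starter Kit's or Laravel's code; the secret, the URL layout, the function names and the sample user are assumptions made up for illustration.

```javascript
const nodeCrypto = require("crypto");

// Assumption: stands in for a server-side secret that never reaches the client.
const SECRET = "constructed-demo-key";

const sha256hex = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");
// Assumed URL layout; the signature covers the id, the hash and the expiration.
const unsignedUrl = (id, hash, expires) => `/email/verify/${id}/${hash}?expires=${expires}`;
const sign = (url) => nodeCrypto.createHmac("sha256", SECRET).update(url).digest();

// Server side: values placed in the link mailed to the user upon registration.
function buildVerifyLink(user, expires) {
  const hash = sha256hex(user.email);
  const signature = sign(unsignedUrl(user.id, hash, expires)).toString("hex");
  return { id: user.id, hash, expires, signature };
}

// Server side: check the four values the client sends back.
// `user` is the account of the current session, `now` is a Unix timestamp.
function checkVerifyRequest(params, user, now) {
  const { id, hash, expires, signature } = params;
  const expected = sign(unsignedUrl(id, hash, expires));
  const given = Buffer.from(String(signature), "hex");
  // Signature: any change to id, hash or expires invalidates the HMAC.
  // Lengths are compared first because timingSafeEqual throws on a mismatch.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return "bad-signature";
  }
  // Expiration: an old mail cannot be replayed indefinitely.
  if (Number(expires) < now) return "expired";
  // userID: the link must belong to the account it is used for.
  if (String(id) !== String(user.id)) return "wrong-user";
  // Hash: the link is tied to the address it was sent to.
  if (hash !== sha256hex(user.email)) return "email-changed";
  return "verified";
}

// Constructed sample: a link valid until t=2000, used as issued and with a tampered expiry.
const demoUser = { id: 42, email: "alice@example.test" };
const demoLink = buildVerifyLink(demoUser, 2000);
console.log(checkVerifyRequest(demoLink, demoUser, 1000));
console.log(checkVerifyRequest({ ...demoLink, expires: 9999 }, demoUser, 1000));
```
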