laravel-auth
Install: claude install-skill fusengine/agents
# Laravel Authentication & Authorization
## Agent Workflow (MANDATORY)
Before ANY implementation, use `TeamCreate` to spawn 3 agents:
1. **fuse-ai-pilot:explore-codebase** - Check existing auth setup, guards, policies
2. **fuse-ai-pilot:research-expert** - Verify latest Laravel 13 auth docs via Context7
3. **mcp__context7__query-docs** - Query specific patterns (Sanctum, Passport, etc.)
After implementation, run **fuse-ai-pilot:sniper** for validation.
---
## Overview
Laravel provides a complete authentication and authorization ecosystem. Choose based on your needs:
| Package | Best For | Complexity |
|---------|----------|------------|
| **Starter Kits** | New projects, quick setup | Low |
| **Sanctum** | API tokens, SPA auth | Low |
| **Fortify** | Custom UI, headless backend | Medium |
| **Passport** | OAuth2 server, third-party access | High |
| **Socialite** | Social login (Google, GitHub) | Low |
---
## Critical Rules
1. **Use policies for model authorization** - Not inline `if` checks
2. **Always hash passwords** - `Hash::make()` or `'hashed'` cast
3. **Regenerate session after login** - Prevents fixation attacks
4. **Use HTTPS in production** - Required for secure cookies
5. **Define token abilities** - Principle of least privilege
---
## Architecture
```
app/
├── Http/
│   ├── Controllers/
│   │   └── Auth/              ← Auth controllers (if manual)
│   └── Middleware/
│       └── Authenticate.php   ← Redirects unauthenticated
├── Models/
│   └── User.