I'm fairly new to REST and I'm developing an SPA that uses Angular, while the backend is coded in Laravel. So far the only type of authentication I've found on the internet is via JWT, but I also read that they are kinda insecure and can be stolen. Are JWTs the only way of authenticating users in SPAs? What are other, more secure ways?

Thank you!

1 Answer

Use Laravel Sanctum.

Laravel Sanctum provides a featherweight authentication system for SPAs (single page applications), mobile applications, and simple, token based APIs. Sanctum allows each user of your application to generate multiple API tokens for their account. These tokens may be granted abilities / scopes which specify which actions the tokens are allowed to perform.

And Laravel Sanctum is not using JWT; Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services. This provides the benefits of CSRF protection, session authentication, as well as protects against leakage of the authentication credentials via XSS. Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend.
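
Added example, not part of the original answer and not Sanctum's or Angular's own code: a simplified JavaScript model of the two checks the answer describes, namely that cookie authentication is only attempted for requests from the SPA's own origin, and that the SPA echoes the `XSRF-TOKEN` cookie back in an `X-XSRF-TOKEN` header. The host names, cookie values and function names are assumptions made for illustration.

```javascript
// Simplified model of the behaviour described above (assumption, not library code).
// Constructed sample values: hosts that are allowed to use cookie/session auth.
const STATEFUL_DOMAINS = ["spa.example.test", "localhost:4200"];

// Cookie-based auth is only attempted when Origin (or Referer) names one of
// the configured SPA hosts; anything else is treated as a foreign request.
function isFromOwnFrontend(headers, statefulDomains = STATEFUL_DOMAINS) {
  const source = headers["origin"] || headers["referer"];
  if (!source) return false;
  try {
    // URL.host keeps a non-default port, e.g. "localhost:4200".
    return statefulDomains.includes(new URL(source).host);
  } catch {
    return false; // malformed or opaque ("null") origin: not our frontend
  }
}

// Reads the XSRF-TOKEN cookie set by GET /sanctum/csrf-cookie and returns the
// URL-decoded value. The session cookie itself is HttpOnly and is never read here.
function xsrfTokenFromCookies(cookieString) {
  for (const part of cookieString.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "XSRF-TOKEN") return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Builds fetch() options for a state-changing request from the SPA.
// Fails closed when the CSRF cookie has not been obtained yet.
function buildSpaRequest(method, body, cookieString) {
  const token = xsrfTokenFromCookies(cookieString);
  if (token === null) {
    throw new Error("No XSRF-TOKEN cookie: request /sanctum/csrf-cookie first");
  }
  return {
    method,
    credentials: "include", // send the session cookie on cross-origin calls
    headers: {
      "Content-Type": "application/json",
      "Accept": "application/json",
      "X-XSRF-TOKEN": token,
    },
    body: JSON.stringify(body),
  };
}
```

In Angular the equivalent of `credentials: "include"` is `withCredentials: true` on the `HttpClient` call.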
