Here is how Inertia.js manages authentication and authorization in single-page applications (SPAs):
Authentication
1. Inertia.js does not require a special authentication system like OAuth. Instead, it allows you to use the authentication system provided by your server-side framework, such as the session-based authentication system in Laravel. [3]
2. Laravel's starter kits, Breeze and Jetstream, provide out-of-the-box scaffolding for new Inertia.js applications, including authentication functionality. [3]
3. To access the authenticated user in your Inertia.js components, you can use the `Inertia.share()` method to pass the authenticated user as a prop to your pages. [4]
Authorization
1. For authorization based on resource types (e.g., can the user view the posts module or create a new post), you can pass the authorization checks as props to your Inertia.js page components. [1][2]
2. To check authorization for specific resource entities (e.g., can the user edit a particular post), you can add a `permissions` attribute to your Eloquent models that contains the authorization checks for that entity. Then, you can pass this `permissions` data as a prop to your Inertia.js components. [4]
3. The key is to perform the authorization checks on the server-side and then pass the results to your Inertia.js components as props. This ensures that the authorization logic is not exposed on the client-side, which could be tampered with. [4]
4. Inertia.js does not provide its own authorization system, but rather integrates with the authorization system of your server-side framework (e.g., Laravel's Gate and Policies). [4]
In summary, Inertia.js manages authentication by leveraging the authentication system of your server-side framework, and it handles authorization by performing the checks on the server-side and passing the results as props to your Inertia.js components. This approach ensures that the authentication and authorization logic is kept secure on the server-side.
Citations:[1] https://inertiajs.com/authorization
[2] https://legacy.inertiajs.com/authorization
[3] https://inertiajs.com/authentication
[4] https://sebastiandedeyne.com/handling-authorization-in-a-laravel-and-inertia-application
[5] https://www.youtube.com/watch?v=1xHfpDhuPzA