

How does InertiaJS manage authentication and authorization in SPAs


Here is how Inertia.js manages authentication and authorization in single-page applications (SPAs):

Authentication

1. Inertia.js does not require a special authentication system like OAuth. Instead, it allows you to use the authentication system provided by your server-side framework, such as the session-based authentication system in Laravel. [3]

2. Laravel's starter kits, Breeze and Jetstream, provide out-of-the-box scaffolding for new Inertia.js applications, including authentication functionality. [3]

3. To access the authenticated user in your Inertia.js components, you can call `Inertia::share()` on the server (Laravel adapter) to pass the authenticated user as a prop to your pages. [4]

Authorization

1. For authorization based on resource types (e.g., can the user view the posts module or create a new post), you can pass the authorization checks as props to your Inertia.js page components. [1][2]

2. To check authorization for specific resource entities (e.g., can the user edit a particular post), you can add a `permissions` attribute to your Eloquent models that contains the authorization checks for that entity. Then, you can pass this `permissions` data as a prop to your Inertia.js components. [4]

3. The key is to perform the authorization checks on the server and then pass only the results to your Inertia.js components as props. This keeps the authorization logic out of client-side code, which a user could tamper with. The props only tell the UI what to show; the server still has to enforce the same checks when the corresponding request arrives. [4]

4. Inertia.js does not provide its own authorization system, but rather integrates with the authorization system of your server-side framework (e.g., Laravel's Gate and Policies). [4]
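
The authorization points above, put together in one Laravel controller. This is an added example, not code from the Inertia.js documentation or the cited posts. It assumes an `App\Models\Post` Eloquent model with a fillable `title`, a registered `PostPolicy` with `create` and `update` methods, routes behind the `auth` middleware, and a route named `posts.index`.

```php
<?php

namespace App\Http\Controllers;

use App\Models\Post;                 // assumed Eloquent model
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Inertia\Inertia;

// Assumes a registered PostPolicy with create() and update() methods,
// and that both routes sit behind the "auth" middleware.
class PostController extends Controller
{
    public function index(Request $request)
    {
        $user = $request->user();

        return Inertia::render('Posts/Index', [
            // Resource-type check: may this user create posts at all?
            'can' => ['create_post' => $user->can('create', Post::class)],
            // Per-entity checks: only the boolean results leave the server.
            'posts' => Post::all()->map(fn (Post $post) => [
                'id' => $post->id,
                'title' => $post->title,
                'can' => ['update_post' => $user->can('update', $post)],
            ]),
        ]);
    }

    public function update(Request $request, Post $post)
    {
        // The props above only decide which buttons the page renders.
        // The endpoint enforces the same policy again, so a request made
        // without permission is rejected with a 403 regardless of what
        // the client-side props said.
        Gate::authorize('update', $post);

        $post->update($request->validate([
            'title' => ['required', 'string', 'max:255'],
        ]));

        return redirect()->route('posts.index');
    }
}
```

In the page component, `can.create_post` and each post's `can.update_post` are used only to show or hide controls.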

In summary, Inertia.js manages authentication by leveraging the authentication system of your server-side framework, and it handles authorization by performing the checks on the server and passing the results as props to your Inertia.js components. This approach keeps the authentication and authorization logic on the server.

Citations:
[1] https://inertiajs.com/authorization
[2] https://legacy.inertiajs.com/authorization
[3] https://inertiajs.com/authentication
[4] https://sebastiandedeyne.com/handling-authorization-in-a-laravel-and-inertia-application
[5] https://www.youtube.com/watch?v=1xHfpDhuPzA