

How does InertiaJS manage authentication and authorization in SPAs


Here is how Inertia.js manages authentication and authorization in single-page applications (SPAs):

Authentication

1. Inertia.js does not require a special authentication system like OAuth. Instead, it allows you to use the authentication system provided by your server-side framework, such as the session-based authentication system in Laravel. [3]

2. Laravel's starter kits, Breeze and Jetstream, provide out-of-the-box scaffolding for new Inertia.js applications, including authentication functionality. [3]

3. To access the authenticated user in your Inertia.js components, you can use the server-side `Inertia::share()` method (Laravel adapter syntax) to pass the authenticated user as a prop to your pages. [4]

Authorization

1. For authorization based on resource types (e.g., can the user view the posts module or create a new post), you can pass the authorization checks as props to your Inertia.js page components. [1][2]

2. To check authorization for specific resource entities (e.g., can the user edit a particular post), you can add a `permissions` attribute to your Eloquent models that contains the authorization checks for that entity. Then, you can pass this `permissions` data as a prop to your Inertia.js components. [4]

3. The key is to perform the authorization checks on the server-side and then pass the results to your Inertia.js components as props. This keeps the authorization logic on the server rather than in client-side code, where it could be tampered with. [4]

4. Inertia.js does not provide its own authorization system, but rather integrates with the authorization system of your server-side framework (e.g., Laravel's Gate and Policies). [4]
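
The flow in points 1 to 3, modelled without a framework as an added example (not code from Inertia.js, Laravel, or the cited articles; the policy names, sample data and function names are hypothetical). The server computes the booleans and sends them as props, and the update handler re-runs the policy instead of trusting anything held by the browser:

```javascript
// Added example: framework-free model of the pattern (all names hypothetical).
// Policies exist on the server only; pages receive plain booleans.
const policies = {
  createPost: (user) => user.role === 'editor' || user.role === 'admin',
  updatePost: (user, post) => user.role === 'admin' || post.authorId === user.id,
};

// Constructed sample data standing in for the database.
const posts = [
  { id: 1, authorId: 10, title: 'First' },
  { id: 2, authorId: 20, title: 'Second' },
];

// Server: build the props for a posts index page.
function postsIndexProps(user) {
  return {
    auth: { user: { id: user.id, name: user.name } }, // share only what the UI needs
    can: { createPost: policies.createPost(user) },    // resource-type check
    posts: posts.map((post) => ({
      ...post,
      permissions: { update: policies.updatePost(user, post) }, // per-entity check
    })),
  };
}

// Server: the update handler re-runs the policy. It never reads the
// booleans that were sent to (and may come back from) the browser.
function updatePost(user, postId, body) {
  const post = posts.find((p) => p.id === postId);
  if (!post) return { status: 404 };
  if (!policies.updatePost(user, post)) return { status: 403 };
  post.title = String(body.title);
  return { status: 200, post };
}

// Client: props only decide which controls are rendered.
function visibleActions(props) {
  const actions = props.can.createPost ? ['create'] : [];
  for (const post of props.posts) {
    if (post.permissions.update) actions.push(`edit:${post.id}`);
  }
  return actions;
}
```

Flipping a `permissions.update` prop in the browser changes what `visibleActions` renders, but `updatePost` still answers 403 because it evaluates the policy against server-side state.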

In summary, Inertia.js manages authentication by leveraging the authentication system of your server-side framework, and it handles authorization by performing the checks on the server-side and passing the results as props to your Inertia.js components. This approach ensures that the authentication and authorization logic is kept secure on the server-side.

Citations:
[1] https://inertiajs.com/authorization
[2] https://legacy.inertiajs.com/authorization
[3] https://inertiajs.com/authentication
[4] https://sebastiandedeyne.com/handling-authorization-in-a-laravel-and-inertia-application
[5] https://www.youtube.com/watch?v=1xHfpDhuPzA