Filament Sanctum Laravel Package

devtical/filament-sanctum

Filament Sanctum adds a Filament panel for managing Laravel Sanctum API tokens. Create and view personal access tokens from the admin UI, with publishable config and translations for easy customization.

Technical Evaluation

Architecture Fit

  • Filament 4 + Sanctum Synergy: The package bridges Laravel Sanctum (API token authentication) with Filament’s admin panel, enabling granular token management directly within Filament’s UI. This aligns well with modern Laravel ecosystems where Sanctum is the de facto choice for SPA/mobile API auth.
  • Modularity: Leverages Filament’s plugin system, ensuring minimal core framework intrusion. The package extends Filament’s resource system without requiring Sanctum-specific middleware changes.
  • State Management: Integrates Sanctum’s token lifecycle (creation, revocation, listing) into Filament’s stateful UI, reducing boilerplate for developers managing API clients.

Integration Feasibility

  • Low Friction: Composer install + publish steps are standard for Laravel packages. Sanctum is already a core Laravel dependency in most projects, reducing dependency conflicts.
  • Filament 4 Compatibility: Explicitly designed for Filament 4 (not legacy versions), ensuring UI/UX consistency with Filament’s modern React-based components.
  • Sanctum Version Agnosticism: Likely works with Sanctum v3+ (common in Laravel 10/11), but version pinning in composer.json is critical to avoid breaking changes.

Technical Risk

  • Sanctum Customization: If the project overrides Sanctum’s default behavior (e.g., custom guards, token generators), the package may require adjustments. Mitigation: Document customizations early.
  • Filament Plugin Conflicts: Other Filament plugins might extend Sanctum resources (e.g., user management). Mitigation: Test with existing plugins pre-integration.
  • Performance: Token listings/revocation could impact API performance if not paginated. Mitigation: Configure Sanctum’s PersonalAccessToken model queries (e.g., withTrashed()) or add Filament pagination.

Key Questions

  1. Sanctum Configuration: Is Sanctum already configured in the project, or will this package drive initial setup?
  2. Token Scaling: Will the admin panel handle high-volume token operations (e.g., 10K+ tokens)? If so, optimize Sanctum’s PersonalAccessToken queries.
  3. RBAC Alignment: Does the project’s role-based access control (RBAC) in Filament align with Sanctum’s token permissions? Misalignment may require custom policy overrides.
  4. Audit Logging: Are token creation/revocation events logged? If so, integrate with Filament’s audit log or a third-party solution.
  5. Multi-Tenant: If using Laravel’s multi-tenancy, ensure Sanctum’s hasAccess() checks respect tenant contexts.

Integration Approach

Stack Fit

  • Laravel 10/11 + Filament 4: Native fit. The package assumes these versions; downgrades may require adjustments.
  • Sanctum v3+: Required for token management features. Verify compatibility if using a fork or custom Sanctum setup.
  • Database: Relies on Sanctum’s default personal_access_tokens table. Custom token tables would need middleware/config tweaks.
  • Frontend: No direct frontend impact, but token usage in APIs (e.g., SPA) must align with Filament-managed tokens.

Migration Path

  1. Pre-Integration:
    • Audit existing Sanctum usage (e.g., custom token generators, guards).
    • Backup Sanctum configurations (config/sanctum.php).
  2. Installation:
    composer require devtical/filament-sanctum
    php artisan vendor:publish --tag=filament-sanctum-config
    php artisan vendor:publish --tag=filament-sanctum-translations
    
  3. Configuration:
    • Review config/filament-sanctum.php for Sanctum model/class overrides.
    • Register the plugin in app/Providers/Filament/AdminPanelProvider.php:
      ->plugin(FilamentSanctumPlugin::make())
      
  4. Testing:
    • Validate token CRUD in Filament’s UI matches API behavior.
    • Test token revocation impacts on active API requests (use sanctum:flush cautiously).

Compatibility

  • Filament Plugins: Conflicts unlikely if plugins don’t extend Sanctum resources. Test with:
    • filament/spatie-laravel-permission (if using roles/permissions).
    • filament/medialibrary (no direct impact).
  • Sanctum Extensions: Packages like laravel/sanctum or spatie/laravel-permission should coexist if configured properly.
  • Legacy Code: Sanctum’s HasApiTokens trait is widely adopted; minimal refactoring expected.

Sequencing

  1. Phase 1: Install and configure the package in a staging environment.
  2. Phase 2: Migrate existing tokens (if any) via Sanctum’s PersonalAccessToken model or CLI.
  3. Phase 3: Train admins on the Filament UI for token management.
  4. Phase 4: Deprecate manual Sanctum token management (e.g., Tinker/TTY) in favor of Filament.

Operational Impact

Maintenance

  • Dependency Updates: Monitor devtical/filament-sanctum and Sanctum for breaking changes. Use composer why-not to audit updates.
  • Configuration Drift: Centralize Sanctum/Filament configs in a single source (e.g., config/filament-sanctum.php + config/sanctum.php).
  • Plugin Updates: Filament 4’s plugin system may evolve; test upgrades against the package’s compatibility.

Support

  • Troubleshooting:
    • Token Issues: Check Sanctum’s PersonalAccessToken model events (e.g., creating, deleting).
    • UI Glitches: Clear Filament cache (php artisan filament:cache:clear) and view logs (storage/logs/laravel.log).
  • Documentation Gaps: The package lacks deep-dive docs on customization (e.g., token expiration logic). Mitigation: Create internal runbooks for edge cases.
  • Community: Low stars (53) suggest niche adoption; rely on GitHub issues or direct author support (w.kristories@gmail.com).
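
The audit-logging question under Key Questions and the model-event check under Troubleshooting can both be served by listening to the token model's Eloquent events. The provider below is an added example, not code from devtical/filament-sanctum; the class name TokenAuditServiceProvider and the "audit" log channel are hypothetical and must be registered and defined in the application.

```php
<?php
// Added example: audit-log Sanctum token lifecycle events.
// Assumes a standard Laravel app with Sanctum installed. The provider name and
// the "audit" channel (config/logging.php) are hypothetical.

namespace App\Providers;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\ServiceProvider;
use Laravel\Sanctum\Sanctum;

class TokenAuditServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Resolve the configured model so an overridden token class is covered:
        // Eloquent events are dispatched per concrete class name.
        $model = Sanctum::personalAccessTokenModel();

        $model::created(fn (Model $token) => $this->record('token.created', $token));
        $model::deleted(fn (Model $token) => $this->record('token.revoked', $token));
    }

    private function record(string $event, Model $token): void
    {
        // Metadata only. The "token" column holds the SHA-256 hash of the
        // secret; neither the hash nor the plaintext belongs in a log.
        Log::channel('audit')->info($event, [
            'token_id'   => $token->getKey(),
            'token_name' => $token->name,
            'abilities'  => $token->abilities,
            'owner_type' => $token->tokenable_type,
            'owner_id'   => $token->tokenable_id,
            'expires_at' => $token->expires_at?->toIso8601String(),
            // Who acted (e.g. the admin signed in to the panel); null on CLI or queue.
            'actor_id'   => auth()->id(),
            'ip'         => request()->ip(),
        ]);
    }
}
```

Eloquent model events fire only when a model instance is saved or deleted, so bulk revocation through a query such as $user->tokens()->delete() produces no audit record and needs its own logging. Whether the panel's delete action goes through model instances is not stated on this page and should be confirmed in staging.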

Scaling

  • Token Volume: Sanctum’s PersonalAccessToken queries may slow with >5K tokens. Optimizations:
    • Add indexes to tokenable_id, abilities columns.
    • Implement soft deletes (SoftDeletes trait) for revoked tokens.
    • Paginate Filament’s token listings (extend the package or use Filament’s built-in pagination).
  • Concurrency: Token revocation during high traffic could cause race conditions. Mitigation: Use database transactions or Sanctum’s revoke() method with delete: true.

Failure Modes

Failure Scenario | Impact | Mitigation
Sanctum DB corruption | Token data loss | Regular DB backups; test sanctum:flush in staging.
Filament plugin conflict | UI broken or token management fails | Isolate testing; use filament:disable for debugging.
Token revocation race condition | Inconsistent API access | Implement retries or queue revocation jobs.
Package abandonment | No updates/security fixes | Fork the repo or engage the author for maintenance.
Laravel/Sanctum major version bump | Compatibility break | Pin versions in composer.json; test early.

Ramp-Up

  • Developer Onboarding:
    • 1 Hour: Install and configure the package.
    • 2 Hours: Test token CRUD in Filament vs. API.
    • 4 Hours: Customize (e.g., add token metadata fields, override revocation logic).
  • Admin Training:
    • Focus on Filament’s new "Sanctum" resource in the sidebar.
    • Highlight token abilities (e.g., create, delete) and their API implications.
  • Knowledge Sharing:
    • Document common workflows (e.g., "How to revoke all tokens for a user").
    • Create a cheat sheet for Sanctum + Filament CLI commands (e.g., php artisan sanctum:prune).