v4.3.1 - 2026-02-07
- [4.x] Supports Laravel 13 by @crynobone in laravel#587
v4.3.0 - 2026-01-22
- Add optional last_used_at tracking configuration by @MElkmeshi in laravel#583
- [4.x] Fix tests by @jackbayliss in laravel#584
- [4.x] Fix failing test on Laravel > 11 by @jackbayliss in laravel#585
- [4.x] Use property promotion by @jackbayliss in laravel#586
v4.2.4 - 2026-01-15
- Allow nullable $passwordHash by @BnitoBzh in laravel#582
v4.2.3 - 2026-01-11
- Allow null password hash by @patrickomeara in laravel#581
v4.2.2 - 2026-01-06
- Support HMAC password hash format from Laravel 12.45.0+ by @ams-ryanolson in laravel#578
v4.2.1 - 2025-11-21
- [4.x] Remove
@returndocblocks on constructors by @CasEbb in laravel#575 - [4.x] PHP 8.5 Compatibility by @crynobone in laravel#576
v4.2.0 - 2025-07-09
- [Refactor] Add indexes to personal_access_tokens by @keshav-k3 in laravel#571
v4.1.2 - 2025-07-01
- [4.x] Factor token
last_used_atupdate into separate method by @cosmastech in laravel#567 - refactor: use text for name column by @reidsolon in laravel#570
v4.1.1 - 2025-04-23
- Fixes inconsistency in Sanctum::currentApplicationUrlWithPort() and Sanctum::currentRequestHost() by @denjaland in laravel#565
v4.1.0 - 2025-04-22
- Update logo by @iamdavidhill in laravel#562
- Feature to treat same domain requests to be from frontend and make stateful by @denjaland in laravel#564
v4.0.8 - 2025-01-26
- Supports Laravel 12 by @crynobone in laravel#556
v4.0.7 - 2024-12-11
- [4.x] Add
tokenCant()helper function toHasApiTokensby @chester-sykes in laravel#552
v4.0.6 - 2024-11-26
- Add leading slash to @template tag in HasTokens by @omnicolor in laravel#550
v4.0.5 - 2024-11-26
- [4.x] Supports PHP 8.4 by @crynobone in laravel#542
- [4.x] Remove generic requirement that token is an instance of a Model by @cosmastech in laravel#549
v4.0.4 - 2024-11-15
- [4.x] Add Generics to
HasApiTokensby @cosmastech in laravel#544 - [4.x] Add generics by @cosmastech in laravel#545
v4.0.3 - 2024-09-27
- Fix: Cast Model Key to Integer for PostgreSQL Performance Improvement by @BakhadyrovF in laravel#524
- Revert "Fix: Cast Model Key to Integer for PostgreSQL Performance Improvement" by @driesvints in laravel#526
- Replace dead link in Security Policy by @Jubeki in laravel#528
- Update logo to support dark/light theme by @milewski in laravel#536
v4.0.2 - 2024-04-10
- Fix/unable to logout by @GigaGiorgadze in laravel#511
v4.0.1 - 2024-03-19
- [4.x] Make commands lazy by @timacdonald in laravel#502
v4.0.0 - 2024-03-12
- [4.x] Adds Laravel 11 support by @nunomaduro in laravel#480
- Matching method to contract for createToken() by @gammamatrix in laravel#498
v3.3.3 - 2023-12-19
- Updated
CsrfCookieControllerto use named arguments by @OussamaMater in laravel#487 - Extract generate token method by @mowangjuanzi in laravel#488
v3.3.2 - 2023-11-03
- Fix typo in config by @cosmastech in laravel#476
- Accept null as a parameter for
Sanctum[@getAccessTokenFromRequestUsing](https://github.com/getAccessTokenFromRequestUsing)()by @cosmastech in laravel#477
v3.3.1 - 2023-09-07
- Re-arrange middleware by @taylorotwell in https://github.com/laravel/sanctum/commit/d1f8bf7f2bdc39ba2a11f1d067b96d31d18246c8
v3.3.0 - 2023-09-04
- Use crc32b instead of crc32 by @marzvrover in laravel#468
- Ensure device has not been logged out by @crynobone in laravel#467
- Do not prefix by default by @taylorotwell https://github.com/laravel/sanctum/commit/95a0181900019e2d79acbd3e2ee7d57e3d0a086b
v3.2.6 - 2023-08-22
- Make tokens identifiable with prefix and checksum by @marzvrover in laravel#459
- Add deprecated annotation in
MissingScopeExceptionby @hungthai1401 in laravel#462
v3.2.5 - 2023-05-01
- Fix middleware by @taylorotwell in https://github.com/laravel/sanctum/commit/8ebda85d59d3c414863a7f4d816ef8302faad876
v3.2.4 - 2023-04-26
- Check for validate CSRF token by @taylorotwell in https://github.com/laravel/sanctum/commit/f5bae6156c760545f368438198327e2609ba7bf1
v3.2.3 - 2023-04-25
- Revert "check for validate csrf token middleware" by @driesvints in https://github.com/laravel/sanctum/commit/6281ce796d464592867f768eb890642aa1954bd0
v3.2.2 - 2023-04-21
- Check for validate csrf token middleware by @taylorotwell in https://github.com/laravel/sanctum/commit/bbcb052de3fe075a67446e8c5c8ffcb191a1fb24
v3.2.1 - 2023-01-13
- Fix bearer token format validation by @krasucki in laravel#417
v3.2.0 - 2023-01-06
- Laravel v10 Support by @driesvints in laravel#415
v3.1.0 - 2023-01-03
- Uses PHP Native Type Declarations 🐘 by @nunomaduro in laravel#405
v3.0.1 - 2022-07-29
- Update migration's primary identifier change by @suyar in laravel#386
- Prune expires_at tokens by @iruoy in laravel#385
v3.0.0 - 2022-07-25
- Expiration dates for tokens by @bjhijmans in laravel#252
- Improves console output by @nunomaduro in laravel#382
- Shorter tokens by @taylorotwell in https://github.com/laravel/sanctum/commit/c46fc083ab52f2ddac97ee4510486f90fc94f220
- Drop old Laravel and PHP versions by @driesvints in laravel#378
v2.15.1 - 2022-04-08
- Added custom auth token header support by @CodesignDev in laravel#354
v2.15.0 - 2022-03-28
- Add sanctum:prune-expired command for removing expired tokens. by @yuraplohov in laravel#348
- Add exit codes to command by @driesvints in laravel#351
v2.14.2 - 2022-02-22
- Use config function by @taylorotwell in commit
v2.14.1 - 2022-02-15
- Add helper for current app url with port (5702317)
- Laravel 9 support (#329)
- Add guard to config (f811d5c)
- Rename
CheckScopesandCheckForAnyScopetoCheckAbilitiesandCheckForAnyAbility(#312)
- Add CheckScopes and CheckForAnyScope Middleware (#310)
- Revert "fix: replace hardcoded "web" guard by
config('sanctum.guard')" (#309)
- Replace hardcoded "web" guard by
config('sanctum.guard')(#307)
- Ignore updating
last_used_atfor deciding the DB connection host (#283, 2c8b9a1) - Fix resolving wrong app instance on Octane (#285, #286)
- Only parse APP_URL for default stateful domains when it's set (#279)
Sanctum::$accessTokenAuthenticationCallbackcallback for more granular control over access token validation (#275, 9c07921, #276)
- Add HasApiTokens contract to complement trait (#270)
- Use app helper (60f2809)
- Environment APP_URL added into the default sanctum.stateful configuration (#264)
- Changed Primary Key will not be used in created token's plainTextToken (#262)
- Avoid running string functions when domain is null (#258)
- Return json response when the request expects a json (#247)
- Fix user provider in
sanctumguard (#225)
- Add default nextjs address to stateful (e86d3e0)
- PHP 8 Support (#213)
- Adds origin header fallback (#204)
- Shorten tokens (#186)
- Laravel 8 support (#184)
- Use the correct
Str::endsWithparameter order (#163)
- Added Multiple Provider Support (#149)
- Fixed Host Problem (#155)
- EncryptCookies middleware option in config/sanctum.php (#147)
- Add routes config option (6cf798f)
- 419 Exception with requests without referrer (#139)
- More performant tokens lookup (#136)
- No need to specify a provider (#129)
- Allow customizing the query used to get the token (#124)
- Enhance supportsTokens check (#123)
actingAsany ability (#120)
- Make the guard configurable (#110)
- Renamed package to Sanctum
- Allow localhost ip access by default (#81)
- Update minimum Laravel version to ^6.9 (#89)
- Fix wildcard matching (d8de232, 9a66e76)
First stable release.
- Allow .env configuration of stateful domains (#70)
- Added user mocking using actingAs (#51)
- Add a CSRF middleware config variable (#54, 4f77acd, 7df454d)
- Modify PersonalAccessToken Model to be polymorphic (#49)
Initial commit.