I think I am getting confused about how to use Laravel Sanctum tokens. Here is my problem
I have a single application which contains both an API and a front-end. The reason for this is the API will be useable by other external sources. But I also want my front-end to use the same API. Otherwise I will be re-creating all my controllers to do the same thing the API controllers do
So users cannot register themselves. An admin will register them and assign them one of three tokens - each token with its own abilities
Now, when a user logs in and goes to the "product" page for example, I want to check that their token has the ability to read products. Some tokens have that ability, some do not. My application controller has the following code to call the API
public function index()
{
$products = Http::withToken('my-token')
->get('https://my-domain/api/v1/products');
return view('products', ['products' => $products->json()]);
}
But what do I put in the my-token string? Every user's token will be different. I cannot get the token because it is encoded in the database and not retrievable.
I am sure the problem is my approach, so how would I achieve this?