# Laravel Authentication ## Docs - [2D vs 3D: Choosing Your Adoption Mode](https://docs.sinemacula.com/concepts/adoption-modes.md): Compare 2D mode where Identity equals Principal, and 3D mode where a separate Principal and Tenant model support multi-tenant apps. - [JWT and HTTP Basic Guards](https://docs.sinemacula.com/concepts/guards.md): Learn how the JWT bearer-token guard and HTTP Basic guard work in Laravel Authentication, including registration and contextual resolution. - [Identity, Principal, Device, and Tenant Explained](https://docs.sinemacula.com/concepts/identity-principal-device.md): Learn what Identity, Principal, Device, and Tenant mean in Laravel Authentication and why separating them improves multi-tenant security. - [Advanced Configuration Options](https://docs.sinemacula.com/configuration/advanced.md): Configure bearer identity caching, credential timebox, per-guard principal resolvers, and identifier field overrides for fine-grained control. - [Device Tracking Configuration](https://docs.sinemacula.com/configuration/device-tracking.md): Configure the device model, table name, refresh key column, and last-seen throttle for Laravel Authentication's device tracking feature. - [JWT Configuration Reference](https://docs.sinemacula.com/configuration/jwt.md): Configure JWT signing secrets, key rotation, algorithm, TTLs, issuer, audience, and per-guard overrides for Laravel Authentication. - [Authentication Events Reference](https://docs.sinemacula.com/events.md): Laravel Authentication fires standard Laravel events plus custom events for principal assignment, device authentication, and refresh rotation. - [Set Up 2D Authentication (Identity = Principal)](https://docs.sinemacula.com/guides/2d-setup.md): Configure Laravel Authentication in 2D mode where a single model acts as both Identity and Principal — ideal for simple or single-tenant apps. - [Set Up 3D Multi-Tenant Authentication](https://docs.sinemacula.com/guides/3d-setup.md): Configure Laravel Authentication in 3D mode with separate Identity, Principal, and Tenant models for multi-tenant SaaS applications. - [Enforce Active State on Identities and Principals](https://docs.sinemacula.com/guides/active-state.md): Use the CanBeActive contract to block suspended or banned users on every authentication path without relying on short token lifetimes. - [Set Up HTTP Basic Authentication](https://docs.sinemacula.com/guides/http-basic.md): Register the basic guard driver for credential-based authentication with constant-time validation and configurable identifier field support. - [Issue JWT Access and Refresh Tokens](https://docs.sinemacula.com/guides/issuing-tokens.md): Call issueAccessToken and issueRefreshToken on the guard-scoped JwtTokenService to mint tokens for authenticated users and devices. - [Rotate JWT Signing Keys Without Downtime](https://docs.sinemacula.com/guides/key-rotation.md): Use kid-based JWT key rotation to introduce new signing keys, verify against a key map, and retire old keys once existing tokens expire. - [Refresh Token Rotation and Replay Detection](https://docs.sinemacula.com/guides/refresh-rotation.md): Exchange a refresh token for a new access and refresh token pair using the JWT guard's refresh() method with atomic rotation and replay detection. - [Install Laravel Authentication](https://docs.sinemacula.com/installation.md): Install the sinemacula/laravel-authentication package via Composer, publish the config file and device migration, then run migrate. - [What Is Laravel Authentication?](https://docs.sinemacula.com/introduction.md): Learn the Identity, Principal, Device, and Tenant model that Laravel Authentication uses to provide contextual stateless auth for Laravel apps. - [Quick Start: JWT Guard in 10 Minutes](https://docs.sinemacula.com/quickstart.md): Set up your first JWT bearer-token guard, implement the Identity model, issue an access token, and protect a route — in under 10 minutes. - [Security Model and Hardening Defaults](https://docs.sinemacula.com/security.md): Learn how Laravel Authentication's JWT pipeline, refresh rotation, and fail-closed defaults protect your app against common attack vectors.