// the find
taylorotwell/next-example-backend
The Laravel backend half of a Laravel Sanctum + Next.js starter kit, maintained by Taylor Otwell himself. It handles cookie-based auth for a decoupled Next.js frontend using Sanctum's SPA authentication — session cookies, not tokens.
Cookie-based Sanctum auth is the right call for a same-origin SPA setup — avoids token storage headaches in the browser. The auth controller split is clean: each flow (register, login, password reset, email verify) gets its own controller rather than one god class. Test coverage for all auth paths is included and actually runs against real Laravel test infrastructure, not mocked stubs. Coming from Taylor directly means the patterns here are canonical Laravel, not cargo-culted.
Last commit was November 2021 — Laravel has shipped 10.x, 11.x since then, and the in-repo patterns (kernel-based middleware, old provider structure) reflect the pre-Laravel 11 architecture that was largely flattened. The `FRONTEND_URL=http://localhost` note about avoiding same-origin issues is a vague workaround with no explanation of what breaks and why. There are zero API routes beyond auth — nothing showing how to structure actual application endpoints, so the 'starter' label is generous. Anyone picking this up today should cross-reference against the official Laravel Breeze API stack instead, which is actively maintained and covers the same ground.