Laravel 5.2 Multi Auth with Multiple Models
There are so many packages available in Laravel for multiple authentication, here in this Laravel auth tutorial, I will tell you how you can authenticate your application with example.
As you know that the traditional web based application authentication layer is default authentication guard where you generally post email and password to a controller and in controller you validate your credentials and according response if you get invalid then you redirects otherwise you save the information to the session.You can see the default authentication "guard" in following path config/auth.php. you can change it but for this is the best way to start any application.
- 'defaults' => [
- 'guard' => 'web',
- 'passwords' => 'users',
- ],
- 'guards' => [
- 'web' => [
- 'driver' => 'session',
- 'provider' => 'users',
- ],
- 'api' => [
- 'driver' => 'token',
- 'provider' => 'users',
- ],
- ],
As you can see both are connected to same provider users
.
You can also customize your Auth providers.
But suppose when you are working with api in same app where you authenticate your app with unique JSON web tokens or something else that is not stored in session so in this case you need multiple authentication that are used for both, for web and for api.
As you will see in auth.php
there are already defined two guards, one for web which is known as classic Laravel authentication layer and second one for api which is known as token based driver.
If your application are using TokenGuard
to authenticate the request then made changes in auth.php
file from default web to api. This authentication mode inform to Laravel to use middleware api based authentication, Because Laravel will use whatever you have set default in auth.php
.
Token based Authenticaton
If you are trying to authenticate your application in api version of middleware then add a column api_token
in your user table.
Use auth:api
middleware to protect your application when you are working with token based authentication.
here is simple example for route group :
- Route::group(['prefix' => 'api/user', 'middleware' => 'auth:api'], function () {
- Route::post('/store', 'UserController@store');
- });
If you will now use :api
in middleware then Laravel won't identify that your app are using the driver for the api
guard then it typically protect your routes from suspicious users.
Now question is how you can get user details when you use token based authentication via auth:api
middleware.
Normally you get user details by using following line of code.
- Auth::user();
Now you will get user details for the API request by using following line of code.
- Auth::guard('api')->user();
You can create your own drivers and guards but if you think it is very simple to create your own drivers then i can tell you its not easy to create drivers as you create guard.
There are several packages available with Laravel for multiple authentication.
Example of sarav/laravel-multiauth package
This is very simple Laravel package for multi authentication.
Step1: Run Composer to include packagescomposer require sarav/laravel-multiauthStep2: Replace your default auth service provider
"Illuminate\Auth\AuthServiceProvider::class" with "Sarav\Multiauth\MultiauthServiceProvider::class"Step3: Made changes in auth.php
- 'multi' => [
- 'user' => [
- 'driver' => 'eloquent',
- 'model' => App\Model\User::class,
- 'table' => 'users'
- ],
- 'useradmin' => [
- 'driver' => 'eloquent',
- 'model' => App\Model\Admin::class,
- 'table' => 'useradmins'
- ]
- ],