0
votes

I'm really new to building Laravel apps. I have a RESTful Laravel API and a web app, and I want the client web app to authenticate against the API and store the user in the session. I've registered a new UserProvider and set it in the config's auth like below:

ServiceProvider

    public function boot()
    {
        $this->registerPolicies();

        Auth::provider('apiAuthServiceProvider', function ($app, $config) {
            return new UserProvider(new ApiUserService());
        });
    }

Config/Auth

    'providers' => [
        'users' => [
            'driver' => 'apiAuthServiceProvider',
        ],
    ],

UserProvider Class

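    <?php

    namespace App\Providers;

    use Illuminate\Support\ServiceProvider;
    // Needed for the Authenticatable type hints used in the methods below
    use Illuminate\Contracts\Auth\Authenticatable;
    use Illuminate\Contracts\Auth\UserProvider as IlluminateUserProvider;
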
    class UserProvider implements IlluminateUserProvider
    {
        private $userService;

        public function __construct($userService)
        {
            $this->userService = $userService;
        }

        /**
         * @param  mixed  $identifier
         * @return \Illuminate\Contracts\Auth\Authenticatable|null
         */
        public function retrieveById($identifier)
        {
            // Get and return a user by their unique identifier
        }

        /**
         * @param  mixed   $identifier
         * @param  string  $token
         * @return \Illuminate\Contracts\Auth\Authenticatable|null
         */
        public function retrieveByToken($identifier, $token)
        {
            // Get and return a user by their unique identifier and "remember me" token
        }

        /**
         * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
         * @param  string  $token
         * @return void
         */
        public function updateRememberToken(Authenticatable $user, $token)
        {
            // Save the given "remember me" token for the given user
        }

        /**
         * Retrieve a user by the given credentials.
         *
         * @param  array  $credentials
         * @return \Illuminate\Contracts\Auth\Authenticatable|null
         */
        public function retrieveByCredentials(array $credentials)
        {
            // Get and return a user by looking up the given credentials
        }

        /**
         * Validate a user against the given credentials.
         *
         * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
         * @param  array  $credentials
         * @return bool
         */
        public function validateCredentials(Authenticatable $user, array $credentials)
        {
            // Check that given credentials belong to the given user
        }
    }

The custom UserProvider injects a UserService class, which is responsible for making requests to the API and returning the user...

I'm so lost. What UserProvider methods should I override from the "UserProvider" interface? "retrieveById", "retrieveByToken", "updateRememberToken", "retrieveByCredentials" and "validateCredentials"? Or should I override all of them? Considering that the client web app will have a login form, and the user will authenticate by sending the email and password (grant_type = password), I'm also confused about the token: how should I store the token and refresh token in the session? Is it possible to set the session timeout to be the same as the token expiration time? Where would I call the UserProvider's retrieveByCredentials to pass the authentication params? Thanks in advance.

1
I've posted a partial answer about the functions that need to be overridden. Could you please clarify what kind of scenario you are in that requires custom user providers using Passport? Does the default user provider work fine? Are the tokens you are talking about Passport tokens, or do you mean something like PHPSESSID? – Hugo A

1 Answer

0
votes

You should override only the functions you need. Most of the standard functionality should be already defined in the User Provider you are inheriting from. I've only inherited my custom user providers from Illuminate\Auth\EloquentUserProvider (Laravel 5.4 here), so please double check how the class you are inheriting from works. If, for example, you need to retrieve your user by an ID different than your default id field, you should override retrieveById.
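
An added example, not part of the original answer or the asker's code: one way to fill in the five interface methods from the question so that the API, not the web app, checks the password and the tokens stay in the server-side session. The `passwordGrant()` and `fetchUser()` methods on the injected service, the `api_tokens` session key and the `id` field of the returned profile are assumptions; the token fields follow the standard OAuth2 token response.

```php
<?php
namespace App\Providers;

use Illuminate\Auth\GenericUser;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider as IlluminateUserProvider;

class UserProvider implements IlluminateUserProvider
{
    private $userService; // assumed client with passwordGrant() and fetchUser()

    public function __construct($userService) { $this->userService = $userService; }

    // Called by Auth::attempt(); the API, not this app, verifies the password.
    public function retrieveByCredentials(array $credentials)
    {
        $grant = $this->userService->passwordGrant($credentials['email'], $credentials['password']);
        $profile = $grant ? $this->userService->fetchUser($grant['access_token']) : null;
        if (!$profile) {
            return null; // rejected by the API, so attempt() returns false
        }
        // Tokens stay in the server-side session, bound to the user they were issued for.
        session(['api_tokens' => $grant + [
            'user_id' => (string) $profile['id'],
            'expires_at' => time() + (int) $grant['expires_in'],
        ]]);
        return new GenericUser($profile);
    }

    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        // True only if the grant above just succeeded for this exact user.
        return session('api_tokens.user_id') === (string) $user->getAuthIdentifier();
    }

    // Called on later requests with the id the session guard stored at login.
    public function retrieveById($identifier)
    {
        $t = session('api_tokens');
        if (!$t || $t['user_id'] !== (string) $identifier || $t['expires_at'] <= time()) {
            return null; // missing or expired token: the user is treated as a guest
        }
        $profile = $this->userService->fetchUser($t['access_token']);
        return $profile ? new GenericUser($profile) : null;
    }

    public function retrieveByToken($identifier, $token) { return null; } // no "remember me"
    public function updateRememberToken(Authenticatable $user, $token) {}   // nothing to persist
}
```

With this provider, a call to `Auth::attempt()` with the email and password from the login form drives `retrieveByCredentials` and then `validateCredentials`. Because `retrieveById` returns null once `expires_at` has passed, the login ends when the access token expires, whatever the session lifetime is set to.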