Non default guard is being ignored in Laravel 5.5

4
votes

I'm setting up a Laravel project for REST Api. Basically I'm diving users into tow tables, User and Admin (model names). I want to authenticate the admins through the web guard using the Default Laravel's Authentication Scaffold , and authenticate the users through api guard using JWT (package provided by tymondesigns ). Everything went well. I configured the package , setup the guards and providers in app/auth.php and got it working ,almost.

I could now register admins through the Auth Scaffold, and login users through a custom login controller for the user.I tested the admin login on he browser and it was working fine. Then before setting up login for user i changed the default guard in app/auth.php to api (was: web) thinking that it makes sense as the majority of the requests will be done as APIs.I went on to build the custom login controller and tested the custom login.Routes are saved in different files , API routes at routes/api.php and admin routes routes/web.php. I went to test the admin login on the browser again and it was not working any more. Tried to change the default guard to web again and it was working. Somehow the defined guards for each routes are ignored and only the default guard is used. I've read a lot on the web and every thing i tried didn't work.

Here are the files :

config/auth.php 

'defaults' => [
    'guard' => 'api',
    'passwords' => 'users',
],
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],
'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
    'admins' => [
        'driver' => 'eloquent',
        'model' => App\Admin::class,
    ]
],
'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60,
    ],
    'admins' => [
        'provider' => 'admins',
        'table' => 'password_resets',
        'expire' => 60,
    ]
],

routes/web.php

Route::get('/', function () {
return view('welcome');
});

Auth::routes();

Route::get('home', 'HomeController@index')->name('home');

routes/api.php

Route::middleware('guest')->post('login', 'UserAuth\LoginController@login')->name('user.login');

Route::middleware('auth')->get('user', 'BaseController@loggedUserAPI')
->name('user.user');

Any kind of help or suggestion is appreciated.

1
phplaraveljwt

1 Answers

4
votes

As you said, that you are using the default Authentication Scaffold Laravel provides, you have to override the guard() method in Http/Controllers/Auth/LoginController or otherwise always the default guard will be used.

/**
 * Get the guard to be used during authentication.
 *
 * @return \Illuminate\Contracts\Auth\StatefulGuard
 */
protected function guard()
{
    // specify the guard that should be used for login attempts
    return Auth::guard('web');
}

Also you should modify the Constructor of the LoginController to use the correct middleware:

public function __construct()
{
    $this->middleware('guest:web')->except('logout');
}

In your routes/web.php file you have to tell your auth and guest middleware to use the correct guard ( if it is not the default one )

// for example: 

Route::middleware('auth:web')->get('admin', 'AdminController@dashboard')
->name('user.user');