I am using laravel 5.6. I tried to use JWT. That's why I made some modification followed by https://jwt-auth.readthedocs.io/en/develop/quick-start/ . Now jwt is working properly.I checked it by postman. But when I try to use laravel basic login with email and password it does not work. Thanks in advance
I also made change on
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
...
'guards' => [
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],
is because you are telling laravel to use jwt as driver and the laravel basic login use session as driver, if you want to have both you may need to put this
'web' => [
'driver' => 'session',
'provider' => 'users',
],
and especify the guard that you will use for the login
if (Auth::guard('web')->attempt($credentials)) {
//
}
Related
I'm trying to set-up Laravel authentication using sanctum. I'm able to create a successful login function, which returns a token (bearer), but once that bearer is added to a next request using postman, a 401 unauthorized is received, and I cannot figure out why. I'm running the setup using XAMPP (127.0.0.1:8000).
Config/auth contains the following guards
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users'
]
],
The config/sanctum guard is set to api.
I've added (and tested with) the following variables in the .env file;
SESSION_DOMAIN='localhost'
SANCTUM_STATEFUL_DOMAINS='localhost:8000'
Lastly, routes are set as follows;
Route::middleware('auth:sanctum')->group(function () {
Route::apiResource('friends', FriendsController::class);
});
I'm now unsure what the issue could possibly be.
I am trying to make Laravel using multiple guards - depending on the authentication type.
When I am authenticating via API, I would like to use jwt guard. When I am authenticating through web, I want to use session guard.
My config\auth.php looks like this:
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'jwt',
'provider' => 'users',
//'hash' => false,
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
]
My routes/web.php looks like this:
Route::get('/', 'HomeController#index')->name('home');
Auth::routes();
Route::get('/home', 'HomeController#index')->name('home');
My routes/api.php looks like this:
Route::post('login', 'AuthController#login');
Route::get('logout', 'AuthController#logout');
Route::post('refresh', 'AuthController#refresh');
Route::get('me', 'AuthController#me');
What I am getting is that API authentication works fine, while the web doesn't. I have debugged and it seems like it is always checking the jwt guard.
Can someone help me, how can I set the guard on a route if that is possible or on Auth::routes() call?
I have solved it by switching default to web routes.
Then I updated the code for app/Http/Controllers/AuthController.php to use the specific api auth wherever I was using the auth method:
auth('api')->attempt($validator->validated()) and 'expires_in' => auth('api')->factory()->getTTL() * 60
So i've made an API with the guidance of Laravel's documentation here and this question here. One problem i encountered was that OAuth can only be accessed if I am authenticated with Auth.
However, since the application i am making is API only, i was wondering how i could use auth:api as my middleware for oauth links instead of auth. The result that should happen would be that i could create clients when i am authenticated with Auth:Api.
Route:List
How I'm currently authenticating my users (This is just a reference i took from the documentation):
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => 'taylor#laravel.com',
'password' => 'my-password',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
AuthServiceProvider has:
Passport::Routes()
Lastly, is it possible to set the expire of an individual personal access token?
Did you change your config/auth.php to utilize passport for API authentication?
config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport', #Right here
'provider' => 'users',
],
],
https://laravel.com/docs/5.8/passport
I have multiple entities in my application that need to be authenticated. So I defined multiple guards to do so:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'customers',
],
'customer' => [
'driver' => 'passport',
'provider' => 'customers',
],
'partner' => [
'driver' => 'passport',
'provider' => 'partners',
],
'admin' => [
'driver' => 'passport',
'provider' => 'admins',
],
],
Then in my Login controllers I have the following condition:
if (Auth::guard('admin')->attempt(['email' => $email, 'password' => $password])) {
...
...
}
when I try to do so (even though it's written in the docs) I get an error telling me that "method attempt does not exist".
So I try defining the guard method on the controller (also like the docs) like this:
protected function guard()
{
return Auth::guard('admin');
}
authentication still doesn't work with the right credentials (I tried to check what guard the Auth facade was using before the attempt using dd(Auth::guard()) and it was the default web guard.
I tried removing the web guard from the default guards array in auth config. didn't work.
I also tried config:clear and rerunning the server but nothing worked!
I am out of ideas. I know that I can write my own simple login, but why reinvent the wheel, and I was following the docs to the letter. help.
I am using Laravel 5.5 with JWT dev-develop. I have also set my auth drivers for web.
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
],
But, the above configuration doesn't give me JWT Bearer Token. When I replace web with api, Auth::attempt($credentials) gives me JWT token instead of session.
Any ideas how to use both at the same time?
Auth::attempt($credentials) override actual method when you using JWT and giving you JWT Token.
You can also check this function in tymon\src\JWTAuth.php
You can both as use default guard as as web and use
JWTAuth::attempt($credentials) to get JWT Token