I have got a file called
AuthServiceProvider.php
in the Providers directory in Laravel project.
I actually don't understand about how it works and why it's needed
Can anyone explain with details?
Thanks in advance.
AuthServiceProvider is the default guard that Laravel uses to give the service authentication in the system. But if you need you can make your own guards for specific situations, in that case you will have you own AuthServiceProvider.
For eg. In one system that we made, the customer had his own database with it's specific users table, we can't use the default Laraver AuthServiceProvider. Because the table have other fields. So we created our CustomAuthProvider. It's complex, but you need to declare the driver en config/auth.php
...
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
'provider' => 'custom' // Our custom driver
],
...
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'custom', // Our custom driver
],
...
],
...
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => Modules\Pickandroll\Entities\User::class,
],
'custom' => [
'driver' => 'pickandrolluser', //Our Custom Auth Provider
'model' => Modules\Pickandroll\Entities\User::class,
]
],
and the custom module provider we register our custom auth provider
public function register()
{
Auth::provider('pickandrolluser', function ($app, array $config) {
return new PickandrollUserProvider($config['model']);
});
}
and the class PickandrollUserProvider that extends use Illuminate\Contracts\Auth\UserProvider;
I know it's complex but maybe it helps to understand this topic
Related
This is how my config/auth.php looks like.
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'admin' => [
'driver' => 'jwt',
'provider' => 'admins',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'admins' => [
'driver' => 'eloquent',
'provider' => App\Models\Admin::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
And this is how I defined the guard in my controller:
if (! $token = JWTAuth::attempt($credentials,['guard' => 'admin'])) {
return response()->json(['error' => 'invalid_credentials'], 400);
}
Problem is I have customized admin guard and defined the model that I wanna use but It's looking for default guard and when it does it avoids the custom guard and use default guards providers User model(Which I want to avoid) . To get rid of it I removed the default api guard and now it's saying api guard not defined. If I define I only can use one guard and can't use my customize guard. How can I avoid the default guard and use other two guard ?
In admin controller,
public function __construct(){
\Config::set('auth.defaults.guard','admin');
}
In manager controller,
public function __construct(){
\Config::set('auth.defaults.guard','manager');
}
This solved the problem!
Define a new guard in the guards array of the config/auth.php file. For example, you can add a custom guard like this:
'guards' => [
// ...
'custom' => [
'driver' => 'session',
'provider' => 'users',
],
],
Define a new provider in the providers array of the config/auth.php file. This provider should be responsible for retrieving and authenticating your users. For example, you can add a custom provider like this:
'providers' => [
// ...
'custom' => [
'driver' => 'eloquent',
'model' => App\Models\CustomUser::class,
],
],
Create a new middleware that sets the guard for your custom authentication. For example, you can create a CustomAuthenticate middleware like this:
namespace App\Http\Middleware;
use Illuminate\Auth\Middleware\Authenticate;
class CustomAuthenticate extends Authenticate
{
protected function authenticate($request, array $guards)
{
if (!empty($guards) && $guards[0] === 'custom') {
return auth()->guard('custom')->check();
}
parent::authenticate($request, $guards);
}
}
Apply the new middleware to your routes or controllers. For example, you can add the CustomAuthenticate middleware to your routes like this:
Route::middleware(['auth:custom'])->get('/custom', function () {
return view('custom');
});
or alternatively you can define the guard that you want only to be used within the controller by setting this in your construct method.
public function __construct()
{
$this->middleware('auth:custom');
}
To set the users guard upon logging in you can do within your login post request within your Login controller.
if (Auth::guard('custom')->attempt($credentials)) {
// Authentication passed...
return redirect()->intended('dashboard');
}
When youre logging in to set the guard with JWTAuth you can do;
$token = JWTAuth::guard('custom')->attempt($credentials);
i use this package :
https://github.com/spatie/laravel-permission/tree/v2
code :
$user=User::find(2);
$user->assignRole('admin');
and when i assign admin role to user I'm dealing with this error
There is no role named admin.Spatie\Permission\Exceptions\RoleDoesNotExist
this is my default guard in auth.php :
<?php
return [
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
this is my roles table :
this is my role_has_permission table
and this is my permission table :
just add this protected property to your user model(or whatever model you are using for assigning permissions and roles).
protected $guard_name = 'api';
Add one of the following to your User model:
public $guard_name = 'api';
Or:
public function guardName()
{
return 'api';
}
As a convention it's best to do configurable things in the config file.
The problem with your code is the order of arranging your guards, just re-arrange as seen below.
<?php
return [
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
'guards' => [
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
'web' => [
'driver' => 'session',
'provider' => 'users',
],
],
...
Once this is done, you don’t need to add protected $guard_name = 'api'; to your User model, ensure to run php artisan config:clear
Ref: Saptie Laravel Permisions
friends! I found solution for this problem but first of all, i illustrate why this problem happened. As you know, Laravel read the codes from top to bottom and from left to right. Moreover when we want from laravel fresh all data by command
php artisan migrate :fresh --seed
It clears all this data and the problem begin. By other word, when assign Role command to check for new role it fails because all data is cleared before it access to those data. To avoid this we should set Role seeder class before Admin seeder class in database seeder
class DatabaseSeeder extends Seeder
{
/**
* Seed the application's database.
*
* #return void
*/
public function run()
{
$this->call([RoleSeeder::class, AdminSeeder::class]);
}
}
Add this to your user model
use Spatie\Permission\Traits\HasRoles;
and in a user model class
use HasRoles;
Here is a reference
Complete example
This worked for me:
$role = Role::create(['guard_name' => 'admin', 'name' => 'manager']);
Can we use laravel passport with different guards to authenticate APIs for two different types of users.
For example we have driver app for driver user and vendor app for vendor user. Both have their different models Driver and Vendor.
How can we use different guards to authenticate both types of users using Laravel Passport?
I managed to create multiple auths (with laravel/passport) by using a simple middlware.
Step 1: config/auth.php
Add your user classes to providers
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'basic_users', // default
],
],
...
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'admin_users' => [
'driver' => 'eloquent',
'model' => App\AdminUser::class,
],
'basic_users' => [
'driver' => 'eloquent',
'model' => App\BasicUser::class,
],
],
Clean the cache via CLI
php artisan config:cache
Step 2: Create middleware
php artisan make:middleware AdminUserProvider
Open the newly created middleware in app/Http/Middleware and update the hand method like below
public function handle($request, Closure $next)
{
config(['auth.guards.api.provider' => 'admin_users']);
return $next($request);
}
Step 3: Register your middleware
Add the newly created middleware to $routeMiddleware
protected $routeMiddleware = [
...
'auth.admin' => \App\Http\Middleware\AdminUserProvider::class,
];
and make sure it's at the top of $middlewarePriority
protected $middlewarePriority = [
\App\Http\Middleware\AdminUserProvider::class,
...
];
Step 4: Add middleware to route
Route::group(['middleware' => ['auth.admin','auth:api']], function() {
Step 5: LoginControllers (AdminUserController & BasicUserController)
public function login()
{
$validatedData = request()->validate([
'email' => 'required',
'password' => 'required|min:6'
]);
// get user object
$user = AdminUser::where('email', request()->email)->first();
// do the passwords match?
if (!Hash::check(request()->password, $user->password)) {
// no they don't
return response()->json(['error' => 'Unauthorized'], 401);
}
// log the user in (needed for future requests)
Auth::login($user);
// get new token
$tokenResult = $user->createToken($this->tokenName);
// return token in json response
return response()->json(['success' => ['token' => $tokenResult->accessToken]], 200);
}
In summary:
The login controllers use Eloquent models to get the user object and then log the user in through Auth::login($user)
Then for future requests that need authentication, the new middleware will change the api auth guard provider to the correct class.
Edit: Passport now has support for multiple guard user providers. Please refer the following links for more infos:
Multiple Authentication Guards
Support For Multiple Guards
Old answer (I would not recommend it)
Here is an example of auth.php and api.php to start with
config/auth.php
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'driver-api' => [
'driver' => 'passport',
'provider' => 'drivers',
],
'vendor-api' => [
'driver' => 'passport',
'provider' => 'vendors',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'drivers' => [
'driver' => 'eloquent',
'model' => App\Driver::class,
],
'vendors' => [
'driver' => 'eloquent',
'model' => App\Vendor::class,
],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
'drivers' => [
'provider' => 'drivers',
'table' => 'password_resets',
'expire' => 60,
],
'vendors' => [
'provider' => 'vendors',
'table' => 'password_resets',
'expire' => 60,
],
],
];
routes/api.php
<?php
use Illuminate\Http\Request;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
*/
Route::group(['namespace' => 'Driver', 'prefix' => 'driver/v1', 'middleware' => 'auth:driver-api'], function() {
// define your routes here for the "drivers"
});
Route::group(['namespace' => 'Vendor', 'prefix' => 'vendor/v1', 'middleware' => 'auth:vendor-api'], function() {
// define your routes here for the "vendors"
});
You have to modify this files:
File: vendor\laravel\passport\src\Bridge\UserRepository.php
Copy/Paste getUserEntityByUserCredentials to make a duplicate of it and name it getEntityByUserCredentials
Then, in the new duplicated function, find the below:
$provider = config('auth.guards.api.provider');
And Replace it with:
$provider = config('auth.guards.'.$provider.'.provider');
File: vendor\league\oauth2-server\src\Grant\PasswordGrant.php
in : validateUser method add after $username and $password :
$customProvider = $this->getRequestParameter('customProvider', $request);
if (is_null($customProvider)) {
throw OAuthServerException::invalidRequest('customProvider');
}
And this instead of the original line
$user = $this->userRepository->getEntityByUserCredentials(
$username,
$password,
$this->getIdentifier(),
$client,
$customProvider
);
After doing this you'll be able to pass an extra key/value pair to your access token request, like for example:
grant_type => password,
client_id => someclientid
client_secret => somesecret,
username => someuser,
password => somepass,
client_scope => *,
provider => driver-api // Or vendor-api
I hope this will be helpful for you
After spent time I have found that in Laravel 7 there is no custom code required except some configuration. For details please check this answer I have tested & implemented in my projects
Multi Auth with Laravel 5.4 and Passport
You don't necessarily need to change config for each request.
You need a client for each guard. After creating clients by running
passport:install
Make sure you specified provider field in database. It should be same value as auth.providers config.
After creating clients and guards, use following code when creating an access token.
App::clearResolvedInstance(ClientRepository::class);
app()->singleton(ClientRepository::class, function () {
return new ClientRepository(User::CLIENT_ID, null); // Client id of the model
});
Make sure you specified provider in oauth_clients table.
How can i change the default user model to use other database table instead of users table in laravel 5.3, is adding
protected $table = 'my_table_name';
will do everything or do i have to change the providers and all.
I dont wish to use multiple authentication like admin, customers etc i just want one authentication model but not with the table "users".
I am preparing an application which has multiple type of users like admin, astrologers and users. all of them have different attributes so i cant use single model with access control in it so i have decided to divide the application into 3 websites to use single database and host them in subdomains like
admin.mywebsite.com
astrologer.mywebsite.com
www.mywebsite.com
earlier i was using multiauth/hesto plugin but for some strange reason it's not redirecting me to the intended url after login and registration. any help will be appreciated.
check this one Using Different Table for Auth in Laravel
Edit app/config/auth.php to change the table.
'table' => 'yourTable'
'model' => 'YourModel',
then your model:
use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;
class YourModel extends Eloquent implements UserInterface, RemindableInterface
{
use UserTrait;
use RemindableTrait;
protected $table = 'your_table';
protected $fillable = array('UserName', 'Password');
public $timestamps = true;
public static $rules = array();
}
You can specify which database to use using the $connection attribute in your model:
class MyModel extends Eloquent
{
protected $connection = 'another-database-connection';
}
I'm not sure it's what you're looking for tho. That said, if you want to use the same Laravel application for multiple subdomains, I'd recommend checking the documentation which explains how to use subdomains in your routes:
https://laravel.com/docs/5.3/routing#route-group-sub-domain-routing
This would allow you to have a single User class and a single application but have specific routes for each of your 3 subdomains.
go to your config\auth.php
modify the configuration
'guards' => [
'astrologer' =>[
'driver' => 'session',
'provider' => 'astrologer',
],
'admin' => [
'driver' => 'session',
'provider' => 'admin',
],
],
'providers' => [
'astrologer' => [
'driver' => 'eloquent',
'model' => App\Astrologer::class,
],
'admin' => [
'driver' => 'eloquent',
'model' => App\Admin::class,
],
See answer here for more details: Can anyone explain Laravel 5.2 Multi Auth with example
Go to config/auth.php
Change the provider for this case I changed the api provider from user to custom_user and then use custom_user model class
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver'=>'passport',
'provider'=>'custom_user'
],
]
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'custom_user' => [
'driver' => 'eloquent',
'model' => App\custom_user::class,
],
]
Please, can anybody explain how to implement multiple authentication guards in Lumen framework? Currently, I have two authenticatable models: Users and Clients. I'm using a custom implementation of JWT. A User has client_id and user_id fields in their token payload. While a Client only has client_id. Based on this I need to determine who came to me: client, user or guest (without a token).
auth.php
'guards' => [
'client' => [
'driver' => 'token',
'provider' => 'clients',
],
'user' => [
'driver' => 'token',
'provider' => 'users',
],
],
'providers' => [
'clients' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
],
AuthServiceProvider.php
public function boot()
{
$this->app['auth']->viaRequest('token', function ($request) {
$access_token = HelperClass::getTokenFromHeader($request->headers->get('Authorization'));
if ($access_token) {
$tokendata = JWT::decode($access_token, getenv('TOKEN_SECRET'), array('HS256'));
if ($tokendata->user_id) {
return User::find($tokendata->user_id);
}
return Client::find($tokendata->client_id);
}
});
}
routes.php
$app->get('/api/{item_id:\d+}', ['middleware' => 'auth:user', 'uses' => 'App\Http\Controllers\ItemController#get']);
I want to allow only Users to access this route, but Clients successfully pass this middleware too: Auth::check() returns true and Auth::user() returns an instance of App\Client 😕
Another situation: what if for some routes I want to allow both: clients and users. For another routes - guests, clients and users.