Ad

LARAVEL: Multiple Drivers For One Auth Guard

I am trying to figure out to provide multiple ways of authentication for the API service within my Laravel app. The app is a SPA using Vue.js and uses the API route to render and present all the view components. Currently, I am using a JWT driver for the API guard within the application. However, I'd also like to offer my clients the ability to access the same API via OAuth and Laravel's personal API token. With that being said, how do I protect my resources with the Auth middleware where it can be accessed internally with a JWT or externally by a client with OAuth or an API Token.

Controller:

/**
 * Create a new controller instance.
 *
 * @return void
 */
public function __construct()
{
    // Make sure user is authenticated
    $this->middleware('auth:api');
    //$this->middleware('auth:oauth');
}

Auth Guards:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
    'oauth' => [
        'driver' => 'token',
        'provider' => 'users',
    ]
],
Ad

Answer

If you want to be able allow multiple guards for your routes you can supply the different guards to the middleware call, like you have done already with the api guard, except you supply them as comma separated values:

$this->middleware('auth:api,oauth,web');

This will mean that if a user has been authenticated with one of the guards they will be able to access the route(s).

Ad
source: stackoverflow.com
Ad