LoginUsingId() not working within middleware jwt.auth, Laravel 5

- 1 answer

This has been driving me crazy for 2 hours; I can't seem to fix it if I put my routes inside the jwt.auth middleware. I want to log in as another user while I am already logged in as admin from my admin dashboard using the LoginUsingId() function in Laravel, and it all works fine if I don't pass the token as a parameter, but I have to protect my API using the JWT token, so I can't remove the jwt.auth middleware. Is there any way that I can make it work even if the routes are inside the jwt.auth middleware?

Working example:

//Login as other User
Route::post('users/loginas/{userId}', ['as' => 'login_as', 'uses' => '[email protected]']);
Route::get('classes/{class_id}/market_feeds', ['as' => 'show_market_feeds', 'uses' => '[email protected]']);
Route::group(['middleware' => 'jwt.auth'], function () {

});

Not working:

Route::group(['middleware' => 'jwt.auth'], function () {
//Login as other User
Route::post('users/loginas/{userId}', ['as' => 'login_as', 'uses' => '[email protected]']);
Route::get('classes/{class_id}/market_feeds', ['as' => 'show_market_feeds', 'uses' => '[email protected]']);
});

My Controller for switching user looks like:

public function loginAs($userId)
{
    Auth::logout();
    Auth::loginUsingId($userId, true);
    return response()->json(['logged' => Auth::check(), 'user' => Auth::user()->username, 'id' => Auth::user()->id]);
}

Works good and I can see the user details... but when I try to make another call like calling this function:

public function displaySomethingElse($classId)
{
    return response(array('username'=>Auth::user()->username,'id' => Auth::user()->id));
}

It returns the admin user, not the specific user I want...

I hope I was clear enough.

Answer

One approach that you can follow is to generate the token based on the user object and return that. Then use the returned token for the next calls.

The library which you are using has an option of generating tokens based on a user object.

You can pass the id or any other identifier of the user that you want to log in as. Remember that this call is made as admin. Receive the response token generated from the user object and use this token for your next calls. That makes you logged in as the user you want to log in as.

Please feel free to comment, if you did not understand what I am trying to say.
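
The approach from the answer above, as an added example that is not part of the original post: because jwt.auth authenticates every request from the token it carries, the endpoint has to hand back a new token for the target user instead of calling Auth::loginUsingId(). It assumes the library is tymon/jwt-auth (which provides the jwt.auth middleware and JWTAuth::fromUser()); the ImpersonationController name, the is_admin column and the impersonated_by claim are hypothetical.

```php
<?php

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Facades\JWTAuth;

class ImpersonationController extends Controller
{
    // Route (inside the jwt.auth group): POST users/loginas/{userId}
    public function loginAs(Request $request, $userId)
    {
        // jwt.auth has already validated the caller's token; resolve that user.
        $admin = JWTAuth::parseToken()->authenticate();

        // Assumption: a hypothetical is_admin column marks administrators.
        // Without this check any token holder could obtain a token for any user.
        if (!$admin || !$admin->is_admin) {
            return response()->json(['error' => 'forbidden'], 403);
        }

        $target = User::find($userId);
        if (!$target) {
            return response()->json(['error' => 'user_not_found'], 404);
        }

        // Issue a token whose subject is the target user. The custom claim
        // (hypothetical name) records which admin requested it.
        $token = JWTAuth::fromUser($target, ['impersonated_by' => $admin->id]);

        // Keep an audit trail of every impersonation token that is issued.
        \Log::info('impersonation token issued', [
            'admin_id'  => $admin->id,
            'target_id' => $target->id,
            'ip'        => $request->ip(),
        ]);

        return response()->json([
            'token' => $token,
            'user'  => $target->username,
            'id'    => $target->id,
        ]);
    }
}
```

The client then sends the returned token instead of the admin token on subsequent calls, and keeps the admin token aside to switch back.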

source: stackoverflow.com