
How to create and secure multi-auth API guards using Laravel 8 Passport?

I’m building an API for an Android app which requires 2 types of authentication using Laravel 8: Users Auth and Teachers Auth.

The problem that I have is that tokens which are created for users can be used in teachers' API requests, while they must not work in teachers' routes. If someone copied the token of a user, they can change the user’s data.

I made some changes to auth.php. I added this to the guards:

    'teacher_api' => [
        'driver' => 'passport',
        'provider' => 'teacher',
    ],

    'guards' => [
        'teacher' => [
            'driver'   => 'session',
            'provider' => 'teachers',
        ],

        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
            'hash' => false,
        ],

        'teacher_api' => [
            'driver' => 'passport',
            'provider' => 'teachers',
        ],
    ],

The providers array:

    'providers' => [
        'teachers' => [
            'driver' => 'eloquent',
            'model'  => App\Teacher::class,
        ],

        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
    ],

The API routes:

    Route::prefix('teacher')->group(function () {
        Route::group(['middleware' => 'auth:teacher_api'], function () {
            Route::get('teacher_info', 'Api\ApiController@teacherInfo');
            Route::post('update_teacher_info', 'Api\ApiController@updateTeacherInfo');
        });
    });

What step did I forget to do?


Answer

In case someone is looking for an answer related to my question:

  1. If you’re using Laravel 8.x, don’t try to install the sfelix-martins/passport-multiauth package. The package is deprecated because Laravel Passport has a native implementation since version 9.0.
  2. Try reading these articles. Each of them performs multi-guards with Passport scopes, and I hope you find the solution that you need as I did.

The Articles:

Laravel 8 Multi Authentication API Tutorial

How to setup Multi-Auth for Laravel APIs | by Toby Okeke | Medium

User contributions licensed under: CC BY-SA
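
The scope-based separation the answer points to, as an added example that is not taken from the post or the linked articles: each login issues a token limited to one scope, and each route group requires both its guard and its scope. It assumes `php artisan passport:install` has been run and that `App\User` and `App\Teacher` both use `Laravel\Passport\HasApiTokens` and have `email` and `password` columns; the scope names, the two login routes and the `user` route are hypothetical.

```php
<?php
// routes/api.php: added example, not the asker's code.
// Assumed: both models use HasApiTokens; scope names and login routes are hypothetical.

use App\Teacher;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Laravel\Passport\Http\Middleware\CheckScopes;
use Laravel\Passport\Passport;

// Scopes must be registered on every request. AuthServiceProvider::boot() is the
// usual place, and the required one once routes are cached.
Passport::tokensCan([
    'user'    => 'Call user endpoints',
    'teacher' => 'Call teacher endpoints',
]);

// Build a login handler that checks credentials against one model and
// issues a personal access token limited to that model's scope.
$login = function (string $model, string $scope) {
    return function (Request $request) use ($model, $scope) {
        $data = $request->validate(['email' => 'required|email', 'password' => 'required']);
        $account = $model::where('email', $data['email'])->first();
        if (! $account || ! Hash::check($data['password'], $account->password)) {
            return response()->json(['message' => 'Invalid credentials'], 401);
        }
        return ['token' => $account->createToken($scope.'-app', [$scope])->accessToken];
    };
};
Route::post('login', $login(User::class, 'user'));
Route::post('teacher/login', $login(Teacher::class, 'teacher'));

// auth:<guard> loads the account from that guard's provider; CheckScopes then
// rejects (HTTP 403) any token that was not issued with the required scope.
Route::middleware(['auth:api', CheckScopes::class.':user'])->get('user', function (Request $request) {
    return $request->user();
});
Route::prefix('teacher')->middleware(['auth:teacher_api', CheckScopes::class.':teacher'])->group(function () {
    Route::get('teacher_info', 'Api\ApiController@teacherInfo');
    Route::post('update_teacher_info', 'Api\ApiController@updateTeacherInfo');
});
```

A token from `login` sent to `teacher/teacher_info` now fails the scope check even when a teacher row with the same id exists, which is the case the guard alone does not catch.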