
kfirba

JWT auth for 2 types of users

Hello.

I'm building an API which will serve a website and devices. Currently, the user is authenticated with JWT via a Laravel package. The problem is that I have 2 types of users in my application. One is the User class and the other is another class - Business. The package is configured to work with one type of user, hence I don't know how to authenticate the Business.

How can I solve this issue? I basically need to generate 2 types of tokens, one for the user (so when the package parses and authenticates the token, it returns a user object) and the other for the business (so when the package parses and authenticates the token, it returns a business object).

@isaackearl maybe you have faced this issue before?

0 likes
10 replies
davorminchorov

Are these two user and business types of roles/accounts? If they are, you don't need 2 types of tokens, you'll need a Role Based Access System.

kfirba

@Ruffles they are not. They are 2 different objects. However, I do need 1 role (admin) for users. I may add a business rule to "fake" business login. I don't think that 1 role should require a role based system.

kfirba

@Rudfles the business user cannot do what the normal user does and vice versa. For example, if the user can view all of his posts, the business cannot do that. If the business can create coupons, the user cannot do that.

davorminchorov

That sounds like roles to me. They are both Users but with different access/permissions.

1 like
isaackearl

@kfirba

Can both a User and a Business log into the system? If yes, then do they both have some shared elements such as email/username password type stuff? If you really want them to be in separate tables, you could make a new model that is for authorization, then use a polymorphic relationship to Business and User in order to allow you to keep them separate. With JWT all you would have to do is add custom claims to track the user type and the ID of the model that you want to actually use after you've authenticated.

I think a better solution though... and probably the one you don't want to hear, is that you should use roles/permissions. You can easily make 2 separate parts of the application that allow different access based on the user type. You can use group routes and middleware to block access for users to all the business functions, and vice versa. Using something like https://github.com/kodeine/laravel-acl you can have routes like this:

Route::group(['prefix' => 'v1', 'middleware' => ['jwt.auth', 'acl']], function () {
    // 'is' => 'business' is the laravel-acl role check for this route
    Route::get('business', ['uses' => 'BusinessController@index', 'is' => 'business']);
});

Alternatively you can use the new middleware parameters from Laravel 5.1, and just put a type on the users table of business or user and check the middleware parameter when someone hits a route, then redirect them where you want. http://laravel.com/docs/5.1/middleware#middleware-parameters

Hopefully this helps. I would highly recommend staying away from using a multi-auth package, because from my experience it can become difficult when you want to integrate with other packages that deal with auth, and it also can be a nightmare for upgrading later.
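Putting the middleware-parameter approach together, as an added example (not isaackearl's code and not from any package): a route middleware that receives the required account type as a parameter and compares it with a `type` column on the users table, registered in the HTTP kernel and applied to route groups. The class name EnsureAccountType, the `account.type` middleware key, the `type` column with values `regular`/`business`, and the controllers named in the routes are all assumptions.

```php
<?php
// app/Http/Middleware/EnsureAccountType.php  (hypothetical file in your app)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Tymon\JWTAuth\Facades\JWTAuth;

class EnsureAccountType
{
    /**
     * Laravel 5.1 middleware parameters: "account.type:business" passes "business" as $type.
     * This runs after jwt.auth (outer group first), so the token signature and expiry
     * have already been checked and the user can be resolved from its `sub` claim.
     */
    public function handle(Request $request, Closure $next, $type)
    {
        $user = JWTAuth::parseToken()->authenticate();

        // `type` is an assumed string column on the users table (regular|business).
        // A valid token for the wrong account type is rejected with 403, not redirected,
        // because this is an API consumed by devices as well as the website.
        if (! $user || $user->type !== $type) {
            return response()->json(['error' => 'forbidden'], 403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php  ->  add to the $routeMiddleware array
// 'account.type' => \App\Http\Middleware\EnsureAccountType::class,

// app/Http/routes.php  (assumed route layout)
Route::group(['prefix' => 'v1', 'middleware' => 'jwt.auth'], function () {
    // Only business accounts may create coupons
    Route::group(['middleware' => 'account.type:business'], function () {
        Route::post('coupons', 'CouponController@store');
    });
    // Only regular accounts may list their own posts
    Route::group(['middleware' => 'account.type:regular'], function () {
        Route::get('posts', 'PostController@index');
    });
});
```

The split into two route groups keeps the check in one place per area of the API; if a single user must later hold several types at once, the string comparison is the only line that has to change.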

kfirba

@isaackearl Thanks for that. I've actually gone this way myself. I just have an enum property on my user which can be either:

  • regular
  • admin
  • business

Then I will just write a proper middleware and I'm done. A full fledged role system is redundant here I guess.

nguyenhieptn

You can easily change the User model by modifying the config, as I do in my code: Config::set('auth.providers.users.model', \App\Customer::class);

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Config;
    use Tymon\JWTAuth\Facades\JWTAuth;
    use Tymon\JWTAuth\Exceptions\JWTException;

    public function authenticate(Request $request)
    {
        $credentials = $request->only('username', 'password');
        try {
            // swap the auth provider's model so JWTAuth::attempt() resolves a Customer
            Config::set('auth.providers.users.model', \App\Customer::class);
            // verify the credentials and create a token for the user
            if (! $token = JWTAuth::attempt($credentials)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }

        } catch (JWTException $e) {
            // something went wrong

            return response()->json(['error' => 'could_not_create_token'], 500);
        }

        return response()->json(compact('token'));
    }

FaresWardeni

I have this problem but in the token. I have 2 users; when I log in with user1 a token is generated, and this token can be used to call all methods of user2, so one generated token can be used for all users?? How can I resolve this problem?
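The token only identifies one subject (its `sub` claim); it says nothing about which records the caller may touch, so every handler still has to scope its queries to that subject. Added example, not code from any participant in this thread: a controller that resolves the user from the token and looks up posts only through that user's relationship, so an id belonging to another user yields a 404 instead of another user's data. The PostController, the Post model and the `posts()` relationship are assumptions.

```php
<?php
// app/Http/Controllers/PostController.php  (hypothetical; routes sit behind jwt.auth)
namespace App\Http\Controllers;

use Tymon\JWTAuth\Facades\JWTAuth;

class PostController extends Controller
{
    // GET /v1/posts
    public function index()
    {
        // The verified token resolves to exactly one user. Use that identity to
        // scope the query; never read the owner id from the URL or request body.
        $user = JWTAuth::parseToken()->authenticate();

        return response()->json($user->posts()->get());
    }

    // GET /v1/posts/{id}
    public function show($id)
    {
        $user = JWTAuth::parseToken()->authenticate();

        // Looking the post up through the caller's own relationship means an id
        // that belongs to another user is simply not found (404), so user1's token
        // cannot be replayed against user2's records even though it is valid.
        $post = $user->posts()->findOrFail($id);

        return response()->json($post);
    }
}
```

Signature and expiry checks in `jwt.auth` answer "who is calling"; the relationship-scoped lookup answers "what may they see", and both are needed on every endpoint that touches per-user data.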
