Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ayazio's avatar

Session Not Stored When using Custom User Provider

I have a requirement to authenticate users against an external API that returns the User Properties as JSON when credentials are valid, and HTTP 400 when invalid.

I couldn't fully understand the documentation as I am new to Laravel but I started working on it anyhow and have managed to hack something together.

Right now I am able to check for valid credentials using a custom user provider but when I redirect the users to another page Auth::user() is null. I don't understand what's happening here.

My user provider is like this

<?php

namespace App\Auth;

use App\User;
use GuzzleHttp\Exception\GuzzleException;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Auth\Authenticatable;
use App\SubscriberUser;

class CustomUserProvider implements UserProvider
{
    public function retrieveById($identifier) {

    }

    public function retrieveByCredentials(array $credentials) {
        // dd($credentials);

        $client = new \GuzzleHttp\Client();

        $apiBaseUrl = config('app.api_baseurl');

        try {
            $apiRequest = $client->post( $apiBaseUrl . '/v1/iptv/login', 
            ['json' => 
                [
                    'username' => $credentials['username'], 
                    'password' => $credentials['password']
                ]
            ]);
            $userProps = json_decode($apiRequest->getBody()->getContents());
            return new SubscriberUser($userProps);

        } catch (GuzzleException $e) {     
            $res = $e->getResponse();
            $errors = "Error.";
            if($res->getStatusCode() == 400) {
                $errors = 'Username or Password Incorrect.';
            }
            return new SubscriberUser(null);
        }
        return null;
    }
    
    public function validateCredentials(Authenticatable $user, array $credentials) {
        if($user->userProps)
        {
            return true;
        } else {
            return false;
        }

    }

    public function retrieveByToken($identifier, $token) { 
        return App\SubscriberUser;
    }

    public function updateRememberToken(Authenticatable $user, $token)
    {
        return;
    }

}

My config\auth.php is like this

<?php

return [

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'customusers',
        ],

    ],

    'providers' => [

        'customusers' => [
            'driver' => 'appio'
        ],
    ]

Thanks

0 likes
3 replies
bobbybouwmann's avatar

Your code looks correct to me. How did you register the appio provider?

ayazio's avatar

I registered it in AuthServiceProvider.php like this

<?php

namespace App\Providers;

use App\Auth\CustomUserProvider;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        // 'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();

        \Auth::provider('appio', function($app, array $config) {
            return new CustomUserProvider();
        });

        //
    }
}
XuongBaLa's avatar

I've got the same problem... anybody have a solution?

Please or to participate in this conversation.