Authentication guard with external accounts server

Posted 2 years ago by jkahgee

I have an API and an Accounts server implemented with the new Passport for OAuth. I have multiple applications where users will be directed to the accounts server to log in and then redirect back to the app (the normal authentication_code grant for OAuth2). Since these are first-party apps we automatically grant permission for the user on our accounts server. My question is: I will still have logic that needs to be guarded throughout these other apps and would like to use existing laravel code as much as possible. ie: Auth::guard. But I would like to NOT store the users' information in the first-party apps DB if possible; Since I don't want to worry about redundant data in multiple applications. Our accounts server will be the source of all data for that user. Is it possible for the Auth code to be extended so it can check the existence of a token or some other logic to verify if the user is logged in? Or is there a better way to handle this?

Please sign in or create an account to participate in this conversation.

Laracasts Mascot

Hi, Have We Met Yet?

Did you know that, in addition to the forum, Laracasts includes well over 1000 lessons on modern web development? All for the price of one lunch out per month.

Sign Me Up


Reply to

Use Markdown with GitHub-flavored code blocks.