Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

rcastellanosm's avatar

Custom Auth fail to save user in session

Hi, I write a custom user provider to validate my user in a external API on external server. My custom user provider and service provider looks like this:

namespace App\Providers;
use Auth;
use App\Auth\CustomUserProvider;
use Illuminate\Support\ServiceProvider;

class CustomAuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        Auth::provider('xxxx', function($app, array $config) {
            // Return an instance of Illuminate\Contracts\Auth\UserProvider...
            return new CustomUserProvider();
        });
    }

    public function register()
    {
        //
    }
}

And my CustomAuthPtovider is this:

<?php
namespace App\Auth;

use Illuminate\Auth\GenericUser; 
use Illuminate\Contracts\Auth\Authenticatable as Authenticatable; 
use Illuminate\Contracts\Auth\UserProvider;
use Psr\Http\Message\ResponseInterface;
use Illuminate\Http\Request;
use App\XXX\Facades\XXXX;
use Log;

class CustomUserProvider implements UserProvider {
    public $errors = []; 

    public function getErrorMessages ( ) {
        return $this->errors;
    }

    public function retrieveById($identifier)
    {
        // TODO: Implement retrieveById() method.

    }

    public function retrieveByToken($identifier, $token)
    {
        // TODO: Implement retrieveByToken() method.
        return null;
    }

    public function updateRememberToken(Authenticatable $user, $token)
    {
        // TODO: Implement updateRememberToken() method.

    }

    public function retrieveByCredentials(array $credentials)
    {
        $response =APIService::get( 'GET', $credentials, 'tokens');

        if ( array_key_exists('code', $response) ) {
            /* Exception o Credentials Error */
            $this->errors = $response;
            return null;

        } else {

            $apiCredentials = json_decode( $response->getBody(), true );

            if( $apiCredentials ) {
                $attributes = array (
                    'id' => 1,
                    'name' => 'Name',
                    'lastname' => 'LastName',
                    'email' => '[email protected]'
                );

                $user = new GenericUser( $attributes );
                return $user;
            }
        }
        
       return null;
    }

    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        if( $user->email == $credentials['email'] ) {

            return true;
        }
        return false;

    }
}

The main problem is that the user if logged fine, but in the next request Auth::user() returns false. Debugging in the middleware Auth:user() is returning false too.

Thanks for your help.

0 likes
5 replies
jmendozaf's avatar

Same problem here! Have you found any solutions for this issue??

SaeedPrez's avatar

Have you tried Auth::guard('guard_name')->user() ?

As an alternative, I believe you can change the defaults in your config file as well, take a look at this page.

jlrdw's avatar

Also don't forget there's a free video in the series on using guard.

jmendozaf's avatar

I tried with Auth::guard('web') but the lastAttempted where the User is stored return null after the next request

simonhamp's avatar

You'll need to make sure you return an instance of a class that implements \Illuminate\Contracts\Auth\Authenticatable from the retrieveById() method

1 like

Please or to participate in this conversation.