crowded's avatar

Adding a Custom Guard

How can I create a custom Authentication provider that will authenticate a user from a remote API?

We have an API that will allow me to pass in user credentials and the remote API will return an api_token. How can I set up a custom provider to talk to that remote server?

0 likes
11 replies
martinbean's avatar

@crowded The Laravel documentation has a section on creating custom guards and user providers: https://laravel.com/docs/master/authentication#adding-custom-guards

You’ll need to create a user provider that implements the methods from the user provider contract. So the retrieveByCredentials() method would be where you perform an HTTP request against your API. If you’re using the session guard, the user response will then be stored in the session and returned when you call Auth::user().

2 likes
crowded's avatar

Thank you @martinbean ! I believe you are correct. I plan to have a dashboard page, and possibly a few other pages that end users will need to log into. The user will enter their username & pass and that information will be sent to our remote API which will validate and respond back with the Bearer Token. I need to retrieve that, store it in the session and use it for validation as needed.

I have found a good amount of documentation that explains how to set up a users table and store the token in a database, but I can't seem to find information that explains how to authenticate users against a remote service like this. I am not really supposed to have users in my database, our remote system already took care of all that.

In the documentation you suggested on adding a custom guard, I am not understanding how I can get the custom guard to speak with my remote service.

Creating a custom guard would be ideal, but I am about to give up and just try passing in the token using guzzle either through Middleware or directly within a Controller.

1 like
blardo's avatar

I am also looking to do this exact thing but can't figure out how to implement it. Are there any guides or examples on how to achieve this?

gaalgergely's avatar

@vipin93 Thanks! It was a good video, but not the solution for my problem. I need to write a good retrieveById method. I do not have a DB, I communicate with an API. Cheers

brsds2000's avatar

@crowded Did you find some implementation to help you in your scenario?

I also need to configure a new user provider using an API token. And I'm looking for a good example.

ps1212's avatar

I'm also stuck on this same issue. Does anyone have some thoughts which could help me on this issue? @crowded described the problem very well.

jjudge's avatar

This is a really really tough problem, that does not seem to be explained fully anywhere. The problem is that it involves at least a dozen different parts that need to come together, and aliases all over the place, with similar or identical names but very different meanings. And most of the stuff joins together within magic middleware that is very hard to debug. Struggling with this myself, and no tutorial or article gives the complete picture.

@crowded on one question you have - how the guard knows how to access the remote system, I don't believe it does. It is the user provider that does that. The user provider knows where the user is (at the end of an API), how to fetch a user (from that API), and how to check the credentials of a user.

The provider used by the guard comes in two parts: the driver and the model. The driver, which is aliased and registered yet somewhere else (not in the auth config, even though it is only used for auth) is the class that does the actual API communications and populates the model. However, if you are allowing the user details to be updated, then the user model may need to contain the actual communications with the API. For example, when using an eloquent user model, you can change the user's name, then hit $user->save() to save it back to the database. However, your user model won't be an eloquent model if it is entirely remote. However, you may mirror the user locally and update it each time the user logs in - it depends if you need to store anything locally against the user.

I'd love to see all this drawn out in a diagram, because it is crazy complex to picture.
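A sketch of the kind of user provider discussed in this thread, added here as an example and not part of any post: the remote API checks the password, the bearer token stays in the server-side session, and the session guard reloads the user from the API on later requests. The `/login` and `/me` endpoints, their JSON fields (`api_token`, `user.id`, `id`), the `username` credential key and the config key `services.remote_auth.url` are all assumptions.

```php
<?php
// Added example, not from the thread. Endpoints, JSON fields and the
// config key services.remote_auth.url are assumptions for illustration.
namespace App\Auth;

use Illuminate\Auth\GenericUser;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Support\Facades\Http;

class RemoteApiUserProvider implements UserProvider
{
    // Called by Auth::attempt(): the remote API checks the password, not us.
    public function retrieveByCredentials(array $credentials)
    {
        $res = Http::timeout(5)->acceptJson()->post($this->url('/login'), [
            'username' => $credentials['username'] ?? '',
            'password' => $credentials['password'] ?? '',
        ]);
        if (! $res->successful() || ! is_string($res->json('api_token'))) {
            return null; // same result for unknown user and wrong password
        }
        // Keep the bearer token in the server-side session, never in a view.
        session(['api_token' => $res->json('api_token')]);
        return new GenericUser(['id' => $res->json('user.id')]);
    }

    // The remote API already verified the password in retrieveByCredentials().
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        return session()->has('api_token');
    }

    // Called on later requests: the session guard stores only the user id.
    public function retrieveById($identifier)
    {
        $token = session('api_token');
        if (! $token) return null;
        $res = Http::timeout(5)->acceptJson()->withToken($token)->get($this->url('/me'));
        // Token rejected or id mismatch: treat the visitor as logged out.
        if (! $res->successful() || $res->json('id') != $identifier) return null;
        return new GenericUser($res->json());
    }

    // No local users table, so "remember me" and password rehashing do nothing.
    public function retrieveByToken($identifier, $token) { return null; }
    public function updateRememberToken(Authenticatable $user, $token) {}
    public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false) {}
    private function url(string $path): string { return rtrim(config('services.remote_auth.url'), '/') . $path; }
}
```

To use it, register the class with `Auth::provider('remote_api', ...)` in a service provider's `boot()` method and set `'driver' => 'remote_api'` for the provider in `config/auth.php` (the name `remote_api` is an assumption). Calling `/me` on each request also means a token revoked on the remote side logs the user out locally.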

tetranyble's avatar

I have trouble trying to put this middleware 'auth:sanctum' together. For clarity, here is the full route:

Route::get('users/profile', \App\Http\Controllers\Api\ProfileController::class)
        ->name('users.profile')
        ->middleware('auth:sanctum');

How does 'auth:sanctum' work? It seems to me that the auth guard is taking 'sanctum' string as a parameter.