Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
i want to customize the login process for one of my users as below so i have 3 steps : 1-authenticate the user A from the Bearer Token they send me 2-receive the info of User B from User A from a custom value in header 3-Logout the User B from the guard('api') and Generate a token from that custom token they provide me . 4-login the user B and athenticate user B into guard('api'). so what i have tried so far i have part 1 and 2 now i need to do part 3-4 what i have tried like below : 1- i have athenticated the user from token generated error like below if they are not logged in :
protected function authenticateApi($request)
{
if (
!$this->auth->guard('api')->check() ||
$this->shopIsNotVerified()
) {
throw new AuthenticationException(
'Unauthorized.', ['api'], $this->redirectTo($request)
);
}
}
and i added another middle ware like below for step 2 on first line and the other lines are for 3 and 4 :
$UserB_info = $request->header('UserB_Key');
$userB = UserCustomeModel::where('custom_api_token',$UserB_info)->first();
//here i want to log out the user A from Guard('api') and log the user b into that .
//i tried this but no luck with it .
$token = $userB->createToken($userB->name)->accessToken;
$request->headers->set('Authorization', $token);
@farshadf That makes no sense to be honest. Passport is an OAuth server implementation, and OAuth is used to authenticate API requests using a token.
What is it you’re actually trying to achieve? Because what you’re described is not part of any standard OAuth flow at all.
yes @martinbean i know it may seems that its not standard but any way i have no other way to do it so i wanted to know if there is any way to logout the previous user and generate token for the new user and logs userB in manually like what we do in normal web guard .
Please or to participate in this conversation.