Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I have tried to solve this problem for a few days and haven't resolved it yet, hehehe. so please help the masters here please help.
First I change the name user.php to client.php.
Then I made a new model named admin.php.
then in the app/auth.php file I change it to be like this:
'defaults' => [
'guard' => 'client',
'passwords' => 'clients',
],
'guards' => [
'client' => [
'driver' => 'session',
'provider' => 'clients',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
],
'providers' => [
'clients' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Admin::class,
],
],
'passwords' => [
'clients' => [
'provider' => 'clients',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
'admins' => [
'provider' => 'admins',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
and this LoginController.php:
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function showLoginForm()
{
return view('admin.auth.login');
}
protected function guard()
{
return Auth::guard('admin');
}
then I tried to log in, and the result was session set, but displaying the login page again (no login failed) it's just that I was not directed to the home page
then I change the auth.php file:
'defaults' => [
'guard' => 'admin',
'passwords' => 'admins',
],
then I open http://app.dev/login and I am immediately directed to the homepage, which means I have successfully logged in with a session that was previously saved.
the question: how to login with different models in laravel? or where/how is Illuminate\Foundation\Auth\AuthenticatesUsers; call the defaults array value?
No need for none of that just use out of the box Authentication.
Then use authorization to determine who can and cannot do what.
The laravel 6 from scratch series there are free videos on authorization.
And this sort of thing has been covered here many times.
Authentication means a login has to happen.
Authorization determines what the logged in user can or cannot do.
yes I understand, but I want to separate the client model and the admin model. is there no way to do that in laravel?
and I do not have access to laracast series :(
Will both models access the same resources?
For example, both will have access to the same protected routes? (/homepage, etc.)
If yes, I guess you are better using a single model, at least for authentication. You can have a User model that holds auth related stuff (email and password) that relates to the Client and Admin models in a polymorphic relation (morphOne) where they hold other data exclusive to those models.
If no, clients and admin use different routes, then you can differentiate guarding those routes with auth:client or auth:admin depending on their requirements. I have this setup on a project where we had a legacy database structure that our client didn't want to change. It is an e-commerce solution, so the public facing routes requires a member guard, while the admin backend routes require an admin guard. Both with separate login pages. If both member and admin access is needed for the same user, they need to be registered on each table.
When you don't specify a guard for a route Laravel fallback to the default guard to check for the user. It doesn't loop for every guard available. Imagine if you have 10 guards defined, it wouldn't be very performant to make 10 DB queries before failing for every guarded route.
Also Laravel only keeps the auth identifier (generally the id column) value in the session. So without specifying the guard it has no way to tell from each guard you expect that id to come from.
Also how you do differentiate an admin with id = 1 from a client with id = 1? If you have a single user table, two users would not have the same id. You can differentiate clients from admin by adding a role column to the users table, or by using a RBAC (role-based access control) strategy, there are many packages that implements that, and as @jlrdw said, @JeffreyWay covered it so many times here in Laracasts' videos. One package I usually reach for that is this:
https://github.com/spatie/laravel-permission/
If by all means you need to have separated models, can't have a single table and the users from those models will have access to the same routes, you can write a custom User Provider that loops through both models. The official documentation has a section about it:
https://laravel.com/docs/7.x/authentication#adding-custom-user-providers
One tip is to override the getAuthIdentifier method on the Client and Admin models to prefix it with a reference (for example: client:1 and admin:1) so in the provider you can tell which model to query. Also the auth identifier is what is persisted into the session.
You can check the EloquentUserProvider implementation to know how to write your custom one.
Add that custom provider to the default guard and profit.
I just got the answer at https://medium.com/@nasrulhazim/laravel-using-different-table-and-guard-for-login-bc426d067901
I will digest your answer first
thanks for the answer, you are the best.
You're welcome =) Hope it helps.
Please or to participate in this conversation.