Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I have applied the default Basic Auth middleware to one of my routes. Everything seems to be working perfectly (I also changed the default field from email to login because that's what I am using as the username) except for the fact that I am able to authenticate any user just by his login. I do not need to specify the password. Whenever I try to type in the correct password Laravel doesn't let me through. It correctly recognizes that a user does not exist if I input a non-existing username but it also allows me to authenticate if I specify a correct login only (without a password).
This is my api.php route:
Route::get('order/{order_id}/{item_id}', 'ApiOrderController@order')->middleware('auth.basic');
The only change I made in the AuthenticateWithBasicAuth class is specifying the login field instead of the default email field:
public function handle($request, Closure $next, $guard = null)
{
return $this->auth->guard($guard)->basic('login') ?: $next($request);
}
I'd be really grateful for any help with this issue.
My first suspicion is that there is a conflict somewhere since you're using login as the field name.
I'll spin up a new project, and test it out also... but in the meantime maybe try changing the field to username or something similar.
After looking this over, I was unable to reproduce the issue. However I probably don't have it setup the same way.
Please or to participate in this conversation.