Multiple Auth Guards vs Roles / Permissions

Posted 1 month ago by bagwaa


So I am in the process of building a new app, and I am stuck on what would be considered the best approach to handle authentication.

The app in question needs to allow the following:

  • Regular user registration (automatic email confirmation, and then log in once email has been verified)

  • Regular user login through /login

  • Vendor registration (this won't allow the user to log in until they have been approved as a vendor, so the flow is different to regular users)

  • Vendor login through /vendor/login

  • Admin user login, this is basically the owner of the site, and they will be able to approve or deny vendor registrations.

In my head I am thinking I would use three different auth guards and a table for each type of user. However, I keep wondering if the better approach here would be to use a single users table and a single auth guard, but then use something like a permissions / roles system to differentiate between the user types.

The only reason I am thinking a role-based system wouldn't work so well is because vendors and users will have a totally different registration flow and need to log in via different URLs.

Has anyone any thoughts on this type of multi-user table approach? I can't work out if I like the approach or not, or if there is a more structured way.


