Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I have 2 kind of users that uses database, Users and Agents. I created Auth Gaurds
\guards
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'agents' => [
'driver' => 'session',
'provider' => 'agents',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => true,
],
'agents_api' => [
'driver' => 'token',
'provider' => 'agents',
'hash' => true,
],
],
//providers
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'agents' => [
'driver' => 'eloquent',
'model' => App\Agents::class,
],
],
The same code for registering user is stored at 2 different locations corresponding to the 2 routes for the users.
$validator = Validator::make($request->all(), [
'email' => 'required|string|email|max:255|unique:agents',
'password' => 'required|string|min:6',
]);
if($validator->fails()){
$val = ['validation_error' => $validator->errors()];
return response()->json($val, 400);
}
$user = Agents::create([
'email' => $request->get('email'),
'password' => Hash::make($request->get('password')),
]);
return response()->json($user, 200);
When logging in to create the api tokens, the same function is used (works well)
$token = Str::random(80);
$credentials = $request->only('email', 'password');
if (Auth::guard('web')->attempt($credentials)) {
// Authentication passed...
$request->user('web')->forceFill([
'api_token' => hash('sha256', $token),
])->save();
$user = Auth::guard('web')->user();
$val = ['user' => $user, 'token'=> $token];
return response()->json($val, 200);
}
elseif(Auth::guard('agents')->attempt($credentials)){
$request->user('agents')->forceFill([
'api_token' => hash('sha256', $token),
])->save();
$user = Auth::guard('agents')->user();
$val = ['user' => $user, 'token'=> $token];
return response()->json($val, 200);
}
$val = ['credential_error' => 'Login details not correct, kindly recheck'];
Now the issue is when i am trying to get the user using the header token, No matter what i do it still responds "unauthenticated"
if(Auth::guard('web')->check()){
return Auth::guard('web')->user();
}
if(Auth::guard('agents')->check()){
return Auth::guard('agents')->user();
}
else{
return 'unathenticated';
}
When using a header with the token you should use a guard that checks for the TokenGuard not the SessionGuard. In your case you should check agains the api or api_agents guards:
if(Auth::guard('api')->check()){
return Auth::guard('api')->user();
}
if(Auth::guard('agents_api')->check()){
return Auth::guard('agents_api')->user();
}
// no need for else here, as previous
// `if` clauses have `return` inside them
return 'unathenticated';
Please or to participate in this conversation.