Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

cherrypulp's avatar

Problem with custom Auth Provider in Admin Package using the new 5.2 auth system

Hi everyone,

We have an issue with the way of including a custom auth provider for an Admin package we maid and want to put Open Source soon after Laravel 5.2 refactoring.

We have a custom AuthController that implements :

use AuthenticatesUsers, ThrottlesLogins;

The Auth attempt works and I get the the user in the AuthController.

But when we redirect the user after a successful auth attempt to a route protected by our AuthMiddleware => it seems that we lost the login session... and when we try to test auth('arxmin')->check() it returns now false.

Here is the code in our custom AuthController :

class AuthController extends Controller
{
    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
    use AuthenticatesUsers, ThrottlesLogins;
    protected $redirectPath = "arxmin/dashboard";
    protected $redirectTo = "arxmin/dashboard";
    protected $guard = "arxmin";

/**
     * If user is authenticated => redirect to the arxmin home
     *
     * @param $request
     * @param $user
     * @return \Illuminate\Http\RedirectResponse
     */
    public function authenticated($request, $user){
    //dd(auth('arxmin')->check(), $user); ----> When we try that it seems that the user is correctly connected
        return redirect()->intended($this->redirectTo);
    }

But when we protect a route with our Custom Middleware :

/**
class AuthenticateMiddleware {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        dd(auth("arxmin")->check());

        if (auth("arxmin")->guest()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest('login');
            }
        }

        return $next($request);
    }

}

=> it seems that the user is not logged anymore

Can somebody help us ?

Thanks a lot !

0 likes
2 replies
cherrypulp's avatar
cherrypulp
OP
10 years ago
Best Answer
Level 2

Yes I figure out what is wrong, you must put your AuthController inside the 'web' middleware group => if not you won't have the session, cookie etc. => so the controller route should at least run :

\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class

See here for full explanation : https://mattstauffer.co/blog/middleware-groups-in-laravel-5-2

Hope it will help ;-)

Please or to participate in this conversation.