Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi there, I've extended the UserProvider and the AuthServiceProvider to create my own authentication service management. I created a new Generic User from a json I get but now my question is :
How can I implement the relations between the user roles and permissions objects?
I mean, the json I get is provided with all the relations between the objects, so for better understanding, it is something like this:
{ id: 1, user: "hushhush" ,{role: { id: 1, name: "admin", permission: {[id: 1, name : "read"], [id:2, name: "write"]}}}}
Now, how can I create the Eloquent models with all the relationships without even using the database table? Will Eloquent query by the way the database for instance? Is there a way to tell Laravel to use models without fetching the db? Maybe I do not have to extend the Model in my models classes (User, Role, Permission)? But how to handle relations between models without db relations?
Thanks in advance!
I was thinking if I should use this Eloquent Enhancement that implements only Models as array and json and then should I rewrite only some relation classes as HasOne, HasOneOrMany and Relation to get it done? Is that something affordable that worth it? Is there any Laravel SME can address me? Thanks.
I got it!!! Create a new Guard provider for user, session and cookie management, a new User Provider for user, roles and permissions management, create the three models extending Eloquent. Now, the User provider must handle the json got from the authentication api SSO and create user, role and permission models. Then, you have to choose if persisting the three models into your database or persist them only into the sessions. To persist the models into the session just remember to pass the session.store also to the User provider to store session objects. Change the retrieveBy{Id}or{Credentials} to fit your needs. For retrieveById, I just return the User model persisted to the session. Relations stay the same and you will be able to fetch roles and permissions from the user model as usual with all the eloquent relationship already in place. Then, use your database only for the stuff related to your application without implementing user, password, roles and permissions table since they will be managed centrally by the SSO system. I've also implemented a TokenManager to guzzlefy the SSO endpoint and return the json to the userprovider. It worked for me! Hope it could help others struggling with same stuff.
I was forgetting to mention the new Middleware authentication I set up as first route to my application. It start the process for authentication and if something goes wrong throw exception for access denied. For success, redirect to the route protected by the usual auth middleware. Auth::check() and Auth::user() work great. Remember to change your auth config file with your custom providers.
@Dario , can you put in some public repo(github, gitlab, bitbucket, ...) Prrof of Concept code?
Best, Dragan
Hi @gandra404 , since I'm receiving lots of requests about this topic, I've just written a brief tutorial for this on my blog and you can check it out here
Hope it could help with your project. I ain't available as much I'm always struggling on lots of projects but should you need any help I'll try to accommodate. Can't promise that though. ;)
I will check it. Thanks! Meanwhile I have made something with laravel 5.4 , laravel passport and custom user provider but curerntly have some issue ... you can check it here if you can help: http://stackoverflow.com/questions/41947149/how-to-fix-unauthorized-access-on-post-oauth-token
And I believe that this example could be valuable for others who are looking for similar solution.
@Dario , inside CustomUserProvider therte is a function:
protected function createUser($model, $body_resp)`{
....
}
$model is created in createModel() function inside CustomGuard.
What is the type of $model? GenericUser?
@gandra404 , I used the UserContract.
Please or to participate in this conversation.