Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Ebtsam's avatar

laravel sanctum multi auth guard

I want to check which guard is logged in right now using auth sanctum I have two tables one for users and one for students

class Student extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable, HasRoles;

    /**
     * The attributes that are mass assignable.
     *
     * @var array<int, string>
     */
    protected $fillable = [
        'name',
        'email',
        'password',
    ];

in auth.php

  'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'student-api' => [
            'driver' => 'session',
            'provider' => 'students',
        ],

    ],

 'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
        'students' => [
            'driver' => 'eloquent',
            'model' => App\Models\Student::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],
```

in my controller 


```
class StudentAuthController extends Controller
{
										
      public function login(UserLoginRequest $request)
    {
        $data = $request->validated();

        if(! Auth::guard('student-api')->attempt(['email' => $data['email'], 'password' => $data['password']])){
            return response()->json(['message' => 'invalid credentials'], 403);
        }
        $student = Auth::guard('student-api')->user();
        $token = $student->createToken('auth-student-token', ['*'])->plainTextToken;

        return response()->json([
            'token' => $token,
            'student' => $student,
            'guard-student' => Auth::guard('student-api')->user()->name
        ]);
    }

in the previous function, I'm able to access Auth::guard('student-api')->user();

but when I try to access it from a different endpoint I get null and please note that I have added the token in headers as I use middleware :


Route::get('/testing-student', [StudentController::class, 'test'])->middleware('auth:sanctum');

I also used this middleware and I got unauthenticated:

Route::get('/testing-student', [StudentController::class, 'test'])->middleware('auth:student-api');
0 likes
4 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

To check which guard is logged in using Laravel Sanctum, you can use the auth()->guard() method. In your case, you can use auth()->guard('student-api') to check if the student guard is authenticated. Here's an example:

if (auth()->guard('student-api')->check()) {
    // Student guard is authenticated
} else {
    // Student guard is not authenticated
}

In your StudentController class, you can use this code to check if the student guard is authenticated:

public function test()
{
    if (auth()->guard('student-api')->check()) {
        $student = auth()->guard('student-api')->user();
        // Do something with the authenticated student
    } else {
        return response()->json(['message' => 'Unauthenticated'], 401);
    }
}

Make sure that you include the token in the headers of your request when accessing the /testing-student endpoint.

Ebtsam's avatar

it returned:

{
    "message": "Unauthenticated"
}

and I have included the tokens in the headers

but when I use that "

public function test()
{
    if (auth())->check()) {
        $student = auth()->user();
        return $student;
    } else {
        return response()->json(['message' => 'Unauthenticated'], 401);
    }
}

the return 
{
    "id": 2,
    "name": "student one",
    "slug": "student-one",
    "email": "[email protected]",
    "created_at": "2023-05-17T07:41:29.000000Z",
    "updated_at": "2023-05-17T07:41:29.000000Z"
}

from students table, but how do I handle which guard is logged in.

Please or to participate in this conversation.