Allowing User and Client access to route, Laravel 5.4

I have a route that is used by another application and by users, it needs to be secured.

I would like to restrict access to only the Authenticated Users OR Authenticated Application Clients.

Is there a way to allow both types of access? Or should I create a separate endpoint for both, with the users using a route with 'auth' middleware and the clients using a route with 'client' middleware?

danielrubango

8 years ago

Level 32

Try using Laravel Passport. It's very good for managing authentication. https://laravel.com/docs/5.6/passport

mettrrtech

8 years ago

Level 4

Thanks for your reply.

I'm already using passport as shown here https://laravel.com/docs/5.4/passport#client-credentials-grant-tokens.

I have routes that are currently being accessed by logged in users that are secured using 'auth:api' middleware.

The application client that i'm trying to allow access to my app is able to get a bearer token by making a request to the oauth/token endpoint mentioned in the docs.

However, their access is still restricted when they attempt to access a route using the 'api:auth' middleware.

If I change the middleware to 'client' then the api is able to gain access.

Am I doing something wrong or is this how its meant to be?

I was hoping that as long as there was a valid bearer token in the request, the 'auth:api' middleware would allow access.

Please or to participate in this conversation.