Get token owner/parent from Laravel Request when using a different model

I am working on a mobile app where device ids serve as main Identifier for users. User accounts are not a requirement, hence there's no users table. Instead, I use a devices table where device information is stored and a default password hash is used. The Device model replaces the User model. How do I identify a user from a request? With the user model in place, the answer to my question would have been $request->user(). Thanks so much in advance. Below is my default Device model.


namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;

class Device extends Authenticatable
{
    use HasFactory;
    use Notifiable;
    use HasApiTokens;

    protected $guarded = ['id'];

    protected $hidden = [
        'password',
    ];

    public function uploads(): HasMany
    {
        return $this->hasMany(Upload::class);
    }
}

Device.php


use App\Models\Device;

return [

    /*
    |--------------------------------------------------------------------------
    | Authentication Defaults
    |--------------------------------------------------------------------------
    |
    | This option controls the default authentication "guard" and password
    | reset options for your application. You may change these defaults
    | as required, but they're a perfect start for most applications.
    |
    */

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'devices',
    ],

    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session", "token"
    |
    */

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'devices',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'devices',
            'hash' => false,
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    */

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
        'devices' => [
            'driver' => 'eloquent',
            'model' => Device::class
        ]

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that the reset token should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
            'throttle' => 60,
        ],
        'devices' => [
            'provider' => 'devices',
            'table' => 'password_resets',
            'expire' => 60
        ]
    ],

    /*
    |--------------------------------------------------------------------------
    | Password Confirmation Timeout
    |--------------------------------------------------------------------------
    |
    | Here you may define the amount of seconds before a password confirmation
    | times out and the user is prompted to re-enter their password via the
    | confirmation screen. By default, the timeout lasts for three hours.
    |
    */

    'password_timeout' => 10800,

];

config/auth.php

koramit

4 years ago

Level 8

I implement something like yours recently. Following the docs

https://laravel.com/docs/8.x/authentication#adding-custom-user-providers

In my case, user need to login if success the custom user provider will get and keep user's Sanctum's token in session then use it to make requests then I can use Auth to get a user form a request.

Your Device extended from Authenticatable maybe your devices table need to have fields that compatible with Authenticatable methods.

Please or to participate in this conversation.