Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using both api and web guard #1746

Closed
PrafullaKumarSahu opened this issue Feb 1, 2019 · 2 comments
Closed

Using both api and web guard #1746

PrafullaKumarSahu opened this issue Feb 1, 2019 · 2 comments

Comments

@PrafullaKumarSahu
Copy link

API and Web Guard

I want to sue both web and API guard parallelly, but the solution I could find out not solving my issue.

Your environment

Q A
Bug? no
New Feature? yes
Framework Laravel
Framework version 5.7.19
Package version dev-develop
PHP version 7.2.10

Steps to reproduce

In config/auth.php either we can use web and API, cannot use something like api| web.

Expected behavior

Tell us what should happen
I have also asked in StackOverflow I think this question and updates will describe my question better.

Beside this, I tried to override authentication by overriding authentication() in LoginController

like

 public function authenticate()
    {
        if (Authentication::attempt(['email' => $email, 'password' => $password])) {
            // Authentication passed...
            return redirect()->intended('dashboard');
        } elseif (! $token = Authentication::guard('api')->attempt(['email' => $email, 'password' => $password]) ) {
            return response()->json([
                'error' => 'Unauthorized', 
                'status' => 401,
                'response' => 'Unauthorized user, please check your credentials.'
            ], 401);
        }
        return $this->respondWithToken($token);
    }

    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' =>  auth()->factory()->getTTL() * 60,
            'status' => 200,
            "response" => "Successfully login",
        ]);
    }

and 
also tried AuthController login method like

 `if (! $token = Auth::guard('api')->attempt($credentials) ) {`

but none of this solves seems correct.

Actual behaviour

Anyone of API and web guard is working, not both.
@PrafullaKumarSahu
Copy link
Author

I solved this by changing the AuthController to

<?php

namespace App\Http\Controllers;

use Auth;
use Illuminate\Http\Request;

class AuthController extends Controller
{
    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    /**
     * Get a JWT via given credentials.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function login()
    {
        $credentials = request(['username', 'password']);

        $token = auth()->guard('api')->attempt($credentials);

        if (!$token) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->respondWithToken($token);
    }

    /**
     * Log the user out (Invalidate the token).
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        auth()->guard('api')->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    /**
     * Refresh a token.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }

    /**
     * Get the token array structure.
     *
     * @param string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type'   => 'bearer',
            'expires_in'   => auth('api')->factory()->getTTL() * 60,
        ]);
    }
}

and in api.php

Route::group([
    'middleware' => 'api',
    'prefix' => 'auth'
], function ($router) {

    Route::post('register', 'Auth\AuthController@register')->name('api.register');
    Route::post('forgot-password', 'Auth\ForgotPasswordController@forgotPassword')->name('api.forgot-password');
    Route::post('login', 'Auth\AuthController@login')->name('api.login');
    Route::middleware('jwt.auth')->post('logout', 'Auth\AuthController@logout')->name('api.logout');
    Route::middleware('auth')->post('refresh', 'Auth\AuthController@refresh')->name('api.refresh');
    Route::middleware('jwt.auth')->post('me', 'Auth\AuthController@me')->name('api.me');
});

Please let me know, if there is any better solution.

@eboujlal
Copy link

eboujlal commented Feb 24, 2020
edited

show your config file, please.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PrafullaKumarSahu @eboujlal