Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experience to be truly fulfilling. Laravel takes the pain out of development by easing common tasks used in many web projects, such as:
- Simple, fast routing engine.
- Powerful dependency injection container.
- Multiple back-ends for session and cache storage.
- Expressive, intuitive database ORM.
- Database agnostic schema migrations.
- Robust background job processing.
- Real-time event broadcasting.
Laravel is accessible, powerful, and provides tools required for large, robust applications.
Laravel has the most extensive and thorough documentation and video tutorial library of all modern web application frameworks, making it a breeze to get started with the framework.
If you don't feel like reading, Laracasts can help. Laracasts contains over 1500 video tutorials on a range of topics including Laravel, modern PHP, unit testing, and JavaScript. Boost your skills by digging into our comprehensive video library.
We would like to extend our thanks to the following sponsors for funding Laravel development. If you are interested in becoming a sponsor, please visit the Laravel Patreon page.
- Vehikl
- Tighten Co.
- Kirschbaum Development Group
- 64 Robots
- Cubet Techno Labs
- Cyber-Duck
- Many
- Webdock, Fast VPS Hosting
- DevSquad
- Curotec
- OP.GG
- CMS Max
- WebReinvent
Thank you for considering contributing to the Laravel framework! The contribution guide can be found in the Laravel documentation.
In order to ensure that the Laravel community is welcoming to all, please review and abide by the Code of Conduct.
If you discover a security vulnerability within Laravel, please send an e-mail to Taylor Otwell via taylor@laravel.com. All security vulnerabilities will be promptly addressed.
The Laravel framework is open-sourced software licensed under the MIT license.
How to set up Multi-Auth for Laravel APIs
Add Passport to your Laravel 8+ project
Lower versions can install with the following if you have composer dependency issues while trying to install
Go to “app/Providers/AuthServiceProvider” and add the Passport routes call. Then define your roles with a description for each, and specify the default role to attach when a role is not explicitly requested.
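```php
<?php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Laravel\Passport\Passport;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();

        // Each role is modelled as a Passport token scope.
        Passport::tokensCan([
            'staff' => 'Access Admin Backend',
            'customer' => 'Access Customer App',
            'role' => 'Description for role',
        ]);

        // Scope attached to a token when none is requested explicitly.
        Passport::setDefaultScope([
            'customer',
        ]);
    }
}
```

In the “defaults” section, set the guard to the default scope name you passed earlier.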
```php
// config/auth.php
'defaults' => [
    'guard' => 'customer',
    'passwords' => 'users',
],
```

In the “guards” section you will see web and api. Add the other roles; for each one, set the “driver” to passport and the “provider” to the name of the provider that is configured in the next step. It makes sense to give the provider the same name as the role, as in the example below.
```php
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
        'hash' => false,
    ],
    'staff' => [
        'driver' => 'passport',
        'provider' => 'staff',
    ],
    'customer' => [
        'driver' => 'passport',
        'provider' => 'customer',
    ],
],
```

In the “providers” section, add a provider for each role as well. The driver should be eloquent and the model should be the model of the table you want each role to authenticate from.
```php
'providers' => [
    'customer' => [
        'driver' => 'eloquent',
        'model' => App\customer::class,
    ],
    'staff' => [
        'driver' => 'eloquent',
        'model' => App\staff::class,
    ],
],
```

For each of the models to be used, extend “Authenticatable” and use the traits “HasApiTokens” and “Notifiable”.
Create a middleware
```bash
php artisan make:middleware CheckForAllScopes
```
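Add the code below. It checks that the authenticated user is allowed to make the request; otherwise the request fails.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;

class CheckForAllScopes
{
    public function handle($request, Closure $next, ...$scopes)
    {
        // No authenticated user, or no access token attached to the user.
        if (! $request->user() || ! $request->user()->token()) {
            throw new AuthenticationException;
        }

        // The request passes as soon as the token carries any one of the listed scopes.
        foreach ($scopes as $scope) {
            if ($request->user()->tokenCan($scope)) {
                return $next($request);
            }
        }

        return response(["message" => "Not Authorized."], 403);
    }
}
```

Go to “app/Http/Kernel.php” and add the new scope middleware to the route middleware section.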
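```php
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    // ...
    // Registered under the alias 'scope' because routes/api.php applies it as 'scope:<role>'.
    'scope' => \App\Http\Middleware\CheckForAllScopes::class,
];
```

Go to “routes/api.php”, then apply the auth middleware with the right guard for each role.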
```php
Route::group(['prefix' => 'v1'], function () {
    // general unauthenticated routes here

    Route::group(['prefix' => 'customer'], function () {
        Route::post('sign-up', 'CustomerController@signUp');
        // unauthenticated routes for customers here

        Route::group(['middleware' => ['auth:customer', 'scope:customer']], function () {
            // authenticated customer routes here
            Route::post('dashboard', 'CustomerController@dashboard');
        });
    });

    Route::group(['prefix' => 'staff'], function () {
        Route::post('sign-up', 'StaffController@signUp');
        // unauthenticated routes for staff here

        Route::group(['middleware' => ['auth:staff', 'scope:staff']], function () {
            // authenticated staff routes here
            Route::post('dashboard', 'StaffController@dashboard');
        });
    });
});
```

In your controller, you can retrieve a reference to the authenticated object by calling the request’s user. It returns an instance of the model for the table that you used in authenticating.
```php
public function dashboard(Request $request)
{
    $customer = $request->user();
    // the full customer object, as contained in the table, is available now
}
```

When generating tokens, pass the role as the scope to Passport’s “createToken” method, as in the example below.
```php
// Body of the customer sign-in controller action.
// Needs: use App\customer; use Carbon\Carbon; use Illuminate\Support\Facades\Validator;
$email = $request->input('email');
$password = $request->input('password');

$rules = [
    'email' => 'required|email:rfc,dns|max:255',
    'password' => ['required'],
];

$validator = Validator::make($request->all(), $rules, $this->validationMessages());
if ($validator->fails()) {
    return response()->json(["message" => $validator->errors()->first()], 400);
}

$customer = customer::where('email', $email)->first();

// An unknown e-mail and a wrong password get the same status and message,
// so the response does not show which addresses are registered.
if (! $customer || ! password_verify($password, $customer->password)) {
    return response(["message" => "Wrong Credentials."], 400);
}

$customer->last_login = Carbon::now();
$customer->save();

return response([
    "message" => "Sign In Successful",
    "data" => [
        "customer" => $customer,
        // The second argument to createToken sets the role (scope):
        // anyone holding this token has only customer access rights.
        "token" => $customer->createToken('Personal Access Token', ['customer'])->accessToken,
    ],
], 200);
```

All done! Now you can authenticate with various tables for different roles.
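A feature test for the role separation configured above, as an added example that is not part of the original README. It assumes routes/api.php is served under the default /api prefix, the App\customer and App\staff models from the providers section, and the scope middleware registered under the alias scope; the test class and method names are hypothetical.

```php
<?php

namespace Tests\Feature;

use App\customer;
use App\staff;
use Laravel\Passport\Passport;
use Tests\TestCase;

// Added example: class and method names are hypothetical. Assumes routes/api.php
// is served under /api and that the alias "scope" maps to the scope middleware.
class RoleSeparationTest extends TestCase
{
    public function test_request_without_token_is_rejected(): void
    {
        $this->postJson('/api/v1/customer/dashboard')->assertStatus(401);
        $this->postJson('/api/v1/staff/dashboard')->assertStatus(401);
    }

    public function test_customer_cannot_reach_staff_routes(): void
    {
        // Authenticated on the "customer" guard, holding only the "customer" scope.
        Passport::actingAs(new customer(), ['customer'], 'customer');

        // auth:staff sees no user on the staff guard.
        $this->postJson('/api/v1/staff/dashboard')->assertStatus(401);
    }

    public function test_staff_guard_still_requires_staff_scope(): void
    {
        // A staff user whose token carries only the "customer" scope.
        Passport::actingAs(new staff(), ['customer'], 'staff');

        // auth:staff passes, scope:staff does not.
        $this->postJson('/api/v1/staff/dashboard')->assertStatus(403);
    }

    public function test_matching_guard_and_scope_pass_the_middleware(): void
    {
        Passport::actingAs(new staff(), ['staff'], 'staff');

        $status = $this->postJson('/api/v1/staff/dashboard')->getStatusCode();

        // Whatever the controller returns, it must not be an auth rejection.
        $this->assertNotContains($status, [401, 403]);
    }
}
```

Run it with `php artisan test`; a failure in the second or third test means a token issued for one role is accepted on another role's routes.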