?? Token-based Authentication in Laravel with a Custom Guard and Provider ??

?? Token-based Authentication in Laravel with a Custom Guard and Provider ??

I know this is painful but you need to understand this subject ??

1?? Create a Custom Guard: In your Laravel project, navigate to the app/Providers directory and create a new file called CustomTokenGuard.php. Here's a basic structure for the custom guard:


namespace App\Providers;

use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\Request;

class CustomTokenGuard implements Guard
??? use GuardHelpers;

??? protected $request;

??? public function __construct(Request $request)
??? {
??????? $this->request = $request;
??? }

??? public function validate(array $credentials = [])
??? {
??????? // Implement your validation logic here
??? }

??? // Implement other required methods such as user(), id(), etc.


2?? Register the Custom Guard: Next, you need to register your custom guard in Laravel's authentication configuration. Open the config/auth.php file and locate the guards array. Add the following code to register your custom guard:

'guards' => 
??? 'custom_token' => [
??????? 'driver' => 'custom',
??????? 'provider' => 'custom_provider',
??? ],

3?? Create a Custom Provider: Create a custom user provider that will interact with your chosen data source (e.g., database, API) to retrieve user information. In the same app/Providers directory, create a file called CustomUserProvider.php. Here's a basic structure for the custom provider:


namespace App\Providers;

use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;

class CustomUserProvider implements UserProvider
??? public function retrieveById($identifier)
??? {
??????? // Implement logic to retrieve user by identifier (e.g., user ID)
??? }

??? public function retrieveByToken($identifier, $token)
??? {
??????? // Implement logic to retrieve user by identifier and token
??? }

??? public function updateRememberToken(Authenticatable $user, $token)
??? {
??????? // Implement logic to update the remember token (if applicable)
??? }

??? // Implement other required methods such as retrieveByCredentials(), validateCredentials(), etc.


4?? Register the Custom Provider: Open the config/auth.php file again and locate the providers array. Add the following code to register your custom provider:

'providers' => 
??? 'custom_provider' => [
??????? 'driver' => 'custom',
??????? 'model' => App\Models\User::class, // Replace with your user model
??? ],


5?? Configure the Routes: Define the routes that will handle the authentication endpoints. For example, you can create a routes/api.php file and add the following routes:

use Illuminate\Http\Request

Route::post('/login', function (Request $request) {
??? // Implement your login logic using the custom guard

Route::middleware('auth:custom_token')->group(function () {
??? Route::post('/logout', function () {
??????? // Implement your logout logic using the custom guard
??? })->name('logout');


6?? Implement the Authentication Logic: In the login and logout route closures, implement the authentication logic using your custom guard. Here's an example:

use Illuminate\Support\Facades\Auth

// Login route
$credentials = $request->only('email', 'password');
if (Auth::guard('custom_token')->validate($credentials)) {
??? // Authentication successful
??? $user = Auth::guard('custom_token')->user();
??? $token = // Generate a unique token for the user

??? // Save the token to the user or token storage

??? return response()->json([
??????? 'token' => $token,
??????? 'user' => $user,
??? ]);
} else {
??? // Authentication failed
??? return response()->json(['message' => 'Invalid credentials'], 401);

// Logout route
// Implement any additional logic, such as invalidating the token

return response()->json(['message' => 'Logged out successfully']);


7?? Protecting Routes: To protect routes with your custom token-based authentication, apply the auth:custom_token middleware. For example:

use Illuminate\Support\Facades\Route

Route::middleware('auth:custom_token')->group(function () {
??? // Protected routes


8?? Testing Authentication: Test your custom token-based authentication by using tools like Postman or cURL. Send requests to the login and logout routes with the appropriate credentials and handle the responses accordingly and remember to adjust the code according to your specific authentication logic and requirements, or just copying and pasting won't work.

Juan Yoel Cerna Torres

Fullstack developer | PHP | Laravel | Codeigniter | Vue | Angular | CSS | Html 5

1 年



Nugzar Skhireli的更多文章

