Problem
A typical web app will basically have two parts. The CMS part is for the admin to use to manage the content of the page, the app is for users to use. To design a web app like the one above, we will add a role to the user to be able to delegate permissions, so we only use one table. For example, a user with the role of admin, staff or writer will be able to access the cms, otherwise will only be able to access the app. However, if we wanted to separate the system users and the app users into two separate tables, how would we authtenticate? Let’s find out together.
Brief about the app
This is a web app with 2 parts, CMS for admin and app for users. I will use User model for admin and Customer model for app users.
Customize auth.php
First, let’s go into config/auth.php. There are 3 parts to watch out for: guards, providers and passwords. Briefly about the above 3 parts, guards will need to declare drivers and providers. The driver currently supported is the session, and the provider is the provider name that we will declare in the providers section. I will declare my guards as follows:
1 2 3 4 5 6 7 8 | 'guards' => [ ... 'customer' => [ 'driver' => 'session', 'provider' => 'customers', ], ], |
Here, I have added a guard named customer that uses the session driver and the provider is customers.
Next is the provider, in the provider we need to declare the driver as database or eloquent and the model is the model that we use to authenticate. I will declare my provider as follows:
1 2 3 4 5 6 7 8 | 'providers' => [ ... 'customers' => [ 'driver' => 'eloquent', 'model' => AppModelsCustomer::class, ], ], |
Note that in the guard section, we have declared that to use the provider named customers, in this declaration we must name the provider as customers so that the guard and the provider can find each other.
1 2 3 4 5 6 7 8 9 10 | 'passwords' => [ ... 'customers' => [ 'provider' => 'customers', 'table' => 'customer_password_resets', 'expire' => 60, 'throttle' => 60, ], ], |
Guaranteed
Next, we need to make sure we have migrations to create the necessary tables like customer, customer_password_resets. Having initialized the customer model, the customer model in this case will be the same as the user model and only the name is different:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | <?php namespace AppModels; // use IlluminateContractsAuthMustVerifyEmail; use IlluminateDatabaseEloquentFactoriesHasFactory; use IlluminateFoundationAuthUser as Authenticatable; use IlluminateNotificationsNotifiable; use LaravelSanctumHasApiTokens; class Customer extends Authenticatable { use HasApiTokens, HasFactory, Notifiable; /** * The attributes that are mass assignable. * * @var array<int, string> */ protected $fillable = [ 'name', 'email', 'password', ]; /** * The attributes that should be hidden for serialization. * * @var array<int, string> */ protected $hidden = [ 'password', 'remember_token', ]; /** * The attributes that should be cast. * * @var array<string, string> */ protected $casts = [ 'email_verified_at' => 'datetime', ]; } |
And there is already data in the customer table.
Use the new guard
Thus, we have declared the new guard. Next is to use this new guard. Simply go to the place where you use Auth::atempt and add guard and pass the guard name as the argument. Here, I use the name guard as customer, so I will have Auth::guard('customer')
1 2 | Auth::guard('customer')->attempt($this->only('email', 'password'), $this->boolean('remember')) |
I expect the result is that when I type the correct email and password, Laravel will create a session for me and then redirect back to the dashboard page. You try to login and check the session, you will see that we have created a session when typing the correct email and password. Unfortunately, it doesn’t redirect itself back to the customer’s dashboard.
The problem lies in the fact that we already have the session, redirected but did not pass through the middleware’s preliminary round. Let’s see what the /dashboard route has:
1 2 3 4 | Route::get('/dashboard', function () { return view('dashboard'); })->middleware(['auth', 'verified'])->name('dashboard'); |
Looking at the picture we can see, if you want to access the dashboard, you need to go through 2 middleware, auth and verified. Verified is used to make sure the user has verified the email, and auth is used to make sure the user has an identity on the website ie logged in. Looks like the verified middleware is not the problem since the account is verified. Then only middleware auth remains. The problem is that if you leave auth on it will pass an empty argument to the guard, so it will use the default guard because it can’t find any guard in its guard list. By default, it is not customer, so of course, it is not possible to use customer information to authenticate. Therefore, it is necessary to pass the parameter into this middleware that we want to use a guard named customer. To pass parameters to the middleware, we do the following:
1 2 3 4 | Route::get('/dashboard', function () { return view('dashboard'); })->middleware(['auth:customer', 'verified'])->name('dashboard'); |
Kiểm TRA
Looks delicious peach branch, let’s try. Go to the login page, enter the correct email and password, click login. Tada.
Epilogue
That’s all it takes to be able to multiple authentication in Laravel. If you have any questions, please comment below so I can answer.