I am using Laravel 10.17.1, and for the API I am using 11.*.
I have added multi-authentication for Passport like this in config/auth.php:
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'user-api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
        'customer' => [
            'driver' => 'session',
            'provider' => 'customers',
        ],
        'customer-api' => [
            'driver' => 'passport',
            'provider' => 'customers',
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => User::class,
        ],
        'customers' => [
            'driver' => 'eloquent',
            'model' => Customer::class,
        ],
    ],
I also added scopes in app/Providers/AuthServiceProvider.php:
    public function boot(): void
    {
        Passport::tokensCan([
            'user' => 'User Type',
            'customer' => 'Customer User Type',
        ]);
    }
I added the scope classes for Passport to the $middlewareAliases array in app/Http/Kernel.php:
    'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
    'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
I added the routes for the API:
    Route::middleware([
        'api',
    ])->prefix('api')->group(function () {
        Route::post('customer/login', [ApiAuthController::class, 'customerLogin'])->name('customer.Login');
        Route::group(['prefix' => 'customer', 'middleware' => ['auth:customer-api', 'scopes:customer']], function () {
            Route::get('dashboard', [ApiCustomerController::class, 'clientDashboard']);
            Route::get('/', [ApiCustomerController::class, 'getCustomer']);
        });
    });
The function looks like this in ApiAuthController.php:
    public function customerLogin(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'email' => 'required|email',
            'password' => 'required',
        ]);
        if ($validator->fails()) {
            return response()->json(['error' => $validator->errors()->all()]);
        }
        $credentials = $request->only(['email', 'password']);
        if (Auth::guard('customer')->attempt($credentials)) {
            $tokenMenager = Auth::guard('customer')->user()->createToken('cutomerToken', ['customer']);
            $success['token'] = $tokenMenager->accessToken;
            $success['customer'] = Auth::guard('customer')->user();
            return $this->sendResponse($success, "Customer login successfully.");
        } else {
            return response()->json([
                'error' => 'Incorrect email or password.',
            ], 401);
        }
    }
The function looks like this in ApiCustomerController.php:
    /**
     * Get customer data
     */
    public function getCustomer()
    {
        return $this->sendResponse(auth()->user(), 'Customer collection');
    }
I also changed the Authenticate.php middleware file like this:
    protected function redirectTo(Request $request): ?string
    {
        if ($request->expectsJson()) {
            return null;
        } else {
            if ($request->is('api/*')) {
                return response()->json([
                    'status' => 401,
                    'message' => 'Unauthorized',
                ], 401);
                // return response()->json(['success' => false, 'message' => "Unauthorized Request"], 401);
            } elseif ($request->getHttpHost() == config('constants.app_host')) {
                return route('admin.login');
            } else {
                return route('login');
            }
        }
    }
When I hit the login API I get a token in the response, and then I add the token to the get customer API. This API checks authentication; if I don't send the token with the request, it will redirect to the login page because I have changed the Authenticate.php file. Now I have also updated it for API requests and added a JSON response, but in the response I am getting this error:
ErrorException: Header may not contain more than a single header, new line detected in file /var/www/html/photoapp/vendor/symfony/http-foundation/Response.php on line 376
How can I send an error message in the response if the customer is unauthorized?
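
One way to return a JSON 401 for unauthenticated API requests, as an added example that is not part of the original post: `redirectTo()` supplies the redirect URL, so a response object returned from it ends up in the `Location` header, which matches the "new line detected" error above. The sketch assumes the stock Laravel 10 `App\Http\Middleware\Authenticate` and `App\Exceptions\Handler` classes; the two classes live in separate files and are shown together here only for brevity.

```php
<?php
// app/Http/Middleware/Authenticate.php
namespace App\Http\Middleware;

use Illuminate\Auth\Middleware\Authenticate as Middleware;
use Illuminate\Http\Request;

class Authenticate extends Middleware
{
    // redirectTo() only ever returns a URL string or null; its value is used
    // as the redirect target, never as the response body.
    protected function redirectTo(Request $request): ?string
    {
        if ($request->expectsJson() || $request->is('api/*')) {
            return null; // API callers are never redirected
        }

        return $request->getHttpHost() == config('constants.app_host')
            ? route('admin.login')
            : route('login');
    }
}

// app/Exceptions/Handler.php
namespace App\Exceptions;

use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;

class Handler extends ExceptionHandler
{
    // Called for every AuthenticationException thrown by the auth middleware.
    protected function unauthenticated($request, AuthenticationException $exception)
    {
        // API routes get a JSON 401 even without "Accept: application/json".
        if ($request->expectsJson() || $request->is('api/*')) {
            return response()->json([
                'status' => 401,
                'message' => 'Unauthorized',
            ], 401);
        }

        // Web routes keep the framework's default redirect behaviour.
        return parent::unauthenticated($request, $exception);
    }
}
```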
