Introduction to Multiple Authentication Guards in Laravel
Guards are used for authentication, and Laravel provides a built-in way to define multiple guards for different types of users.
In Laravel, you can use middleware to implement guards for different types of users, such as regular users and administrators.We need to define separate models for users and admins.
Models for User and Admin
//User
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable;
protected $fillable = ['name','email','password','image'];
}
// Admin
class Admin extends Authenticatable
{
use HasFactory;
protected $fillable = ['name', 'email', 'password','image'];
}
Make sure both models extent Authenticatable class.
Define Guards in config/auth.php
Open the config/auth.php file and define your guards.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
],
//define the providers for each guard.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Models\Admin::class,
],
],
Middlewares
You can create middleware to protect routes based on the guards.Here we had created two middlewares for admin.
class AdminAuthenticate extends Middleware
{
protected function redirectTo(Request $request): ?string
{
return $request->expectsJson() ? null : route('admin.login');
}
protected function authenticate($request, array $guards)
{
if ($this->auth->guard('admin')->check()) {
return $this->auth->shouldUse('admin');
}
$this->unauthenticated($request, ['admin']);
}
}
class AdminRedirectIfAuthenticated
{
public function handle(Request $request, Closure $next, string ...$guards): Response
{
if (Auth::guard('admin')->check()) {
return redirect()->route('home');
}
return $next($request);
}
}
You can also modify RedirectIfAuthenticated middleware if you want to specify the gaurd.
<?php
class RedirectIfAuthenticated
{
public function handle(Request $request, Closure $next, string ...$guards): Response
{
// $guards = empty($guards) ? [null] : $guards;
// foreach ($guards as $guard) {
// if (Auth::guard($guard)->check()) {
// return redirect(RouteServiceProvider::HOME);
// }
// }
if (Auth::guard('web')->check()) {
return redirect()->route('dashboard');
}
return $next($request);
}
}
Now we need to register the middlewares.Goto to your app/http/kernel.php.
'admin.auth' => \App\Http\Middleware\AdminAuthenticate::class,
'admin.guest' => \App\Http\Middleware\AdminRedirectIfAuthenticated::class,
Middleware
Apply the middleware to your routes in web.php.
Route::middleware('admin.guest')->prefix('admin')->group(function () {
Route::get('/login', [AdminAuthController::class, 'login'])->name('admin.login');
Route::post('/login', [AdminAuthController::class, 'authenticate'])->name('admin.authenticate');
});
Route::middleware('admin.auth')->prefix('admin')->group(function () {
Route::get('/home', [HomeController::class, 'index'])->name('home');
});
Authentication
When authenticating users or admins, specify the guard.
if (Auth::guard('admin')->attempt($credentials)) {
$request->session()->regenerate();
return redirect()->route('home');
}
public function logout(Request $request): RedirectResponse
{
auth()->guard('admin')->logout();
$request->session()->invalidate();
return redirect()->route('admin.login');
}
By following these steps, you can establish separate authentication systems for regular users and administrators in your Laravel application.
