A Guide to Work with Custom Auth/Guard in Laravel

A Guide to Work with Custom Auth/Guard in Laravel

Introduction

The default authentication flow that comes with the default Laravel is sufficient for most cases, but there are certain situations where you need to implement a Custom Auth.

A proper use case for this would be: if we want to build a School management system, where there are users like admins, teachers, students, etc and we want to define a separate panel for each of them with proper authentication/authorizations.

We could define roles for these and implement the checks accordingly, but this would create problems soon and we'll have a hard time making it flexible.

Defining guards for each user in this case would make it more maintainable, so in this blog, we'll be looking at how to define custom guards and attach them to a model.

Configuration

Let's start by defining a model that we'll be attaching our custom guard with later, and we'll name this model CustomModel

This is gonna be almost similar to the default User model, and we'll need the basic fields like email and password since these are necessary for authentication.

The CustomUser model looks like this for now:

<?php

namespace App\Models;

use App\Notifications\VerifyEmail;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Factories\HasFactory;

class CustomUser extends Model
{
    use HasFactory;

    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    protected $hidden = [
        'password',
        'remember_token',
    ];

    protected $casts = [
        'email_verified_at' => 'datetime',
        'password' => 'hashed',
    ];
}

Defining the Custom Guard

Let's go ahead and look into the auth.php config file, this is where all the auth-related stuff is configured.

Inside the guards key, a default web guard is defined for us, and this is where we'll add our own custom guard.

So, let's define a new guard called customGuard and pass the driver as session and name the provider as customUsers (we'll work on this provider thing later).

The guards array looks like this after defining our custom guard:

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'customGuard' => [
            'driver' => 'session',
            'provider' => 'customUsers',
        ],
    ],

Let's now look into the providers array:

'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

Let's define a new provider, with the name provided above, called customUsers

'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
        'customUsers' => [
            'driver' => 'eloquent',
            'model' => App\Models\CustomUser::class,
        ],
    ],

The driver here is eloquent, and the model referenced here is the CustomUser model that we defined earlier, and these are the only changes that we need to make to the auth.php config file.

Let's now make the necessary changes to the CustomUser model.

Configuring the CustomUser Model

The last thing remaining here is to make the necessary changes to the model that we want to assign the custom guard to.

We need to override the $guard property with the name of the guard that we defined in the auth.php config file, and we should extend the Illuminate\Foundation\Auth\User instead of the default Model.

After making these changes, the CustomUser model looks like this:

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;

class CustomUser extends User
{
    use HasFactory;

    protected $guard = 'customUserAuth';

    protected $fillable = [
        'name',
        'email',
        'password',
    ];

    protected $hidden = [
        'password',
        'remember_token',
    ];

    protected $casts = [
        'email_verified_at' => 'datetime',
        'password' => 'hashed',
    ];
}

This Illuminate\Foundation\Auth\User class consists of some helper methods that will let us implement password resets, send verification emails, and other stuff related to authentication.

Conclusion

And that's it, we've finally configured our custom guard.

Now, whenever we want to reference this custom guard, we can pass it inside the guard method, like so:


// accessing the currently authenticated user
Auth::guard('customGuard)->user();

// using the auth() helper
auth()->guard('customGuard')->user();

// the login attempt snippet
auth()->guard('customGuard')->attempt([
    'email' => $request->email,
    'password' => $request->password
]);
🔥 New Course Alert
★★★½☆3.9/5

Custom Auth Implementation In Laravel : A Practical Guide

Learn how to implement Custom Authentication System in Laravel using Custom Guards

30-Day Money Back
20+ Students
Limited Time
80% OFF
Enroll Now
I
Isaac E.
★★★★★

GOOD