Laravel Auth – Custom authentication guards

In Laravel, authentication guards define how users are authenticated for each request. By default, Laravel ships with a web guard (for sessions and cookies) and an api guard (for token-based authentication). However, you can create custom authentication guards for specific authentication needs, such as using different user types (e.g., admins and regular users) or custom authentication logic.

Steps to Create a Custom Authentication Guard

1. Modify auth.php Configuration

The config/auth.php file contains the authentication guards and providers configuration. You’ll need to define a custom guard here.

Example: Create a custom admin guard for admin users.

In this configuration:

  • A new admin guard is defined with a session driver (same as web).
  • A new admins provider is defined, using the Admin model for authentication.

2. Create the Admin Model

You’ll need a model to represent the admins table. Create a model for Admin using Laravel’s Artisan command:

Then, define the Admin model (e.g., app/Models/Admin.php):

3. Create an Admin Login Controller

Next, create a controller for handling admin authentication. You can extend Laravel’s Auth functionality:

In AdminAuthController.php, add methods to handle login, logout, and authentication:

4. Routes for Admin Authentication

In your routes/web.php file, add routes to handle the admin login and logout:

5. Admin Dashboard Route (Middleware Protection)

Ensure that the admin dashboard is protected by the admin guard. You can do this by adding middleware to routes for admin areas:

6. Admin Login View

Create the resources/views/auth/admin-login.blade.php view for the admin login page:

7. Custom Guard Usage

Now, whenever you need to authenticate admin users, use the admin guard:
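
The login and logout handling from the steps above, written out as one controller. This is an added example, not code from the original page: it assumes the admin guard and admins provider described in step 1 (repeated in the header comment), and the route names, HTTP methods, and the guest:admin and throttle middleware are assumptions.

```php
<?php
// app/Http/Controllers/AdminAuthController.php (added example, not the page's own code)
// Assumes config/auth.php contains, as step 1 describes:
//   'guards'    => ['admin'  => ['driver' => 'session',  'provider' => 'admins']],
//   'providers' => ['admins' => ['driver' => 'eloquent', 'model' => App\Models\Admin::class]],
// Assumed routes/web.php entries (names, methods and middleware are assumptions):
//   GET  /admin/login     -> showLoginForm   name admin.login      guest:admin
//   POST /admin/login     -> login                                 guest:admin, throttle:5,1
//   POST /admin/logout    -> logout          name admin.logout     auth:admin
//   GET  /admin/dashboard -> dashboard view  name admin.dashboard  auth:admin

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AdminAuthController extends Controller
{
    public function showLoginForm()
    {
        return view('auth.admin-login');
    }

    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        // Check against the admins provider only; the default (web) guard is never consulted.
        if (Auth::guard('admin')->attempt($credentials)) {
            // Issue a new session ID after login to prevent session fixation.
            $request->session()->regenerate();
            return redirect()->intended(route('admin.dashboard'));
        }

        // Same message for unknown email and wrong password, so accounts cannot be enumerated.
        return back()->withErrors(['email' => 'Invalid credentials.'])->onlyInput('email');
    }

    public function logout(Request $request)
    {
        Auth::guard('admin')->logout();
        // invalidate() flushes the whole session, so a web-guard login in the same browser ends too.
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        return redirect()->route('admin.login');
    }
}
```

A stock application sends unauthenticated requests to the route named login, so the redirect to /admin/login described on this page assumes the unauthenticated redirect target has been pointed at the admin login route.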

Summary of Steps:

  1. Define a Custom Guard: Modify config/auth.php to add a custom guard and provider.
  2. Create a Model: Set up a model like Admin to represent the users for that guard.
  3. Create a Controller: Handle login, logout, and authentication logic.
  4. Set Up Routes: Define routes for the login, logout, and admin dashboard.
  5. Create Login View: Build a form for admin login.
  6. Protect Admin Routes: Use middleware to protect routes.

Output:

Setting up custom authentication guards in Laravel produces results that are visible at different stages of the process, such as when users attempt to authenticate, access protected routes, or perform certain actions.

1. Login Page (Admin Login Form)

When you navigate to the custom admin login route (e.g., /admin/login), you will see a login form that allows the admin to enter their email and password:

2. Successful Admin Login

When the admin successfully logs in by entering the correct email and password, they will be redirected to the admin dashboard (/admin/dashboard). The dashboard page could look like this:

3. Failed Admin Login

If the admin enters invalid credentials (wrong email or password), the system will display an error message and reload the login page:

4. Accessing Protected Routes (Dashboard) Without Authentication

If an admin tries to access the dashboard (/admin/dashboard) without being logged in, they will be redirected to the login page, with an error message or other redirection logic:

This happens because the dashboard route is protected by the auth:admin middleware, which requires authentication through the admin guard.

5. Successful Logout

After logging in as an admin, when the admin logs out (via /admin/logout), they will be logged out successfully and redirected to the login page or a designated logout page:

6. Checking Authentication in Code

In your code, when you check if the admin is authenticated using the custom admin guard:

The output will reflect whether an admin is logged in or not based on the session:

  • If logged in: "Admin is logged in!"
  • If not logged in: "No admin is logged in!"

7. Redirects and Middleware Output

When the auth:admin middleware is applied to the dashboard route, and an unauthenticated admin tries to access it, they will be redirected back to the login page (/admin/login) with appropriate redirection messages.


Summary of Outputs:

  1. Admin Login Page: Displays the custom login form.
  2. Successful Login: Redirects to the admin dashboard with a success message.
  3. Failed Login: Shows an error message on the login form.
  4. Accessing Protected Route Without Login: Redirects to the login page.
  5. Successful Logout: Logs out the admin and redirects to the login page.
  6. Code Checks: Outputs whether the admin is logged in or not.
