This auth vendor used for laravel framework, to mix laravel sessions with api tokens, so you can use the same middleware and same routes to authenticate the request, if the request contains sessions cookie or it support an api token.
- More secure than default token auth in laravel since it using hashes for tokens.
- Support many tokens for the same account, so the devices will not share the same token.
- Support sessions if it exist in the request and there is no token entered.
- Support many ways to provide token thought url query, request body and request header.
- Support many guards.
- More customizable since you can specify expire time, max step time between requests.
- PHP >=7.1.3
- Laravel ^5.6
Require this package with composer.
composer require bnabriss/mix-auth
Laravel >5.5 uses Package Auto-Discovery, so doesn't require you to manually add the ServiceProvider. If you don't use auto-discovery, add the ServiceProvider to the providers array in config/app.php
Bnabriss\MixAuth\MixAuthProvider::class,
You can customize some settings of the vendor using config/mix-auth.php
that you can publish it using the publish command
php artisan vendor:publish --provider="Bnabriss\MixAuth\MixAuthProvider"
so we encourage you to read config file and learn more about customization After you customize you config you should migrate your database to add tokens table to your database using migration command
php artisan migrate
Note that migration depends on some configuration in config file, so we encourage you to re-migrate (refresh) database after you make changes in the config file.
The models that use this auth should use the HasMixAuth.php
trait in your model to add some helpful methods in your model
namespace App;
use Bnabriss\MixAuth\HasMixAuth;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
use HasMixAuth, Notifiable;
}
You can generate token for the user simply generate token of custom user or for authenticated user with specific guard.
// for custom user
\App\User::first()->generateToken('guard-name');
// for authenticated user
\App\User::generateTokenForAuth('guard-name');
Note that to use the guard you must specify it the config file so you can use it, by default the file contains only web guard, see user example in the config file itself.
Note that the generate token methods will not generate sessions if you disable the key
token_sessions
in the config or it already generated.
You can simply set the middleware for the route using the route-middleware, so the middleware will register the auth if the token exist. if the token has invalid value or expired the middleware will throw an exception
Route::get('/secure-page', function () {
return auth('guard-name')->check();
})->middleware('mix.auth:guard-name');
You can delete user token by using the defined relations token in the trait
$user->token()->delete();
or you can even delete all tokens for that user (including other devices' tokens) by
$user->tokens()->delete();
You may need to disable api middleware
auth:api
if you need to use this vendor to api route