Hassan Raza

Reputation: 376

Laravel Auth Middleware "auth:api"

I have a route which is as follows:

Route::group(['middleware' => ['auth:api']], function(){
    
    Route::post('getList','SomeController@someAction')->name('logout'); 
});

When I call it without a token, it fails, which is expected behavior.

But when I call it with the following code:

Route::group(['middleware' => ['auth','api']], function(){

    Route::post('getList','SomeController@someAction')->name('logout'); 
});

without a token, it does not fail and returns the required data.

What is the difference between ['auth:api'] and ['auth','api']?

P.S.: In both cases, I am sending the Session-Cookie.

Upvotes: 1

Views: 6002

Answers (1)

Deepesh Thapa

Reputation: 1789

To answer your question above, it is quite fundamental to understand Laravel's basic authentication system and how middleware works.

In short, auth is a middleware that is first defined in App\Http\Kernel, and then api is the guard passed to the middleware. The api configuration can be found in config/auth.php.

api is the middleware used for all api routes, this means those routes can't be accessed by using the in a url bar

In your case

Route::group(['middleware' => ['auth:api']], function(){

       Route::post('getList','SomeController@someAction')->name('logout'); 
});

This means that you are loading authentication for the API, which means you will be authenticating your users based on a token rather than the user session. This way you will not be able to access sites using a link URL in your browser. So, firstly you defined that you want to use authentication "auth", and then you declared that you want to use the api guard on auth. The API guard for auth is defined in config/auth.php.

Next thing

Route::group(['middleware' => ['auth','api']], function(){

      Route::post('getList','SomeController@someAction')->name('logout'); 
});

In the above question you are grouping the middlewares based on the names you mentioned in HTTP/Kernel.php

['middleware' => ['auth','api']]

This means that all your routes pass through the middlewares called auth and api.

So you probably have this in your HTTP/Kernel.php

 protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

/**
 * The application's route middleware.
 *
 * These middleware may be assigned to groups or used individually.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];

It means that you are grouping auth and api together in the same middleware for all the routes you define underneath it.

Upvotes: 3
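
An added example, not part of the answer above and not Laravel's own code: a simplified stand-alone PHP model of how route middleware names are resolved, using the Kernel arrays quoted in the answer. It shows that auth:api passes api to Authenticate as the guard, while ['auth','api'] runs Authenticate with no guard parameter plus the api group; the helper names and the 'web' default guard are assumptions.

```php
<?php
// Simplified model of middleware name resolution; NOT Laravel's own code.
// Arrays copied from the Kernel shown in the answer above.
$middlewareGroups = [
    'api' => ['throttle:60,1', 'bindings'],
];
$routeMiddleware = [
    'auth'     => 'Illuminate\Auth\Middleware\Authenticate',
    'bindings' => 'Illuminate\Routing\Middleware\SubstituteBindings',
    'throttle' => 'Illuminate\Routing\Middleware\ThrottleRequests',
];
// Assumption: defaults.guard in config/auth.php is 'web' (the stock value).
const DEFAULT_GUARD = 'web';

/** Expand route middleware names into [class, params] pairs (hypothetical helper). */
function resolveMiddleware(array $names, array $groups, array $aliases): array
{
    $resolved = [];
    foreach ($names as $name) {
        if (isset($groups[$name])) {
            // A group name expands to its members, resolved recursively.
            array_push($resolved, ...resolveMiddleware($groups[$name], $groups, $aliases));
            continue;
        }
        // "alias:p1,p2" => alias plus the parameter list given to handle().
        [$alias, $params] = array_pad(explode(':', $name, 2), 2, '');
        $resolved[] = [
            'class'  => $aliases[$alias] ?? $alias,
            'params' => $params === '' ? [] : explode(',', $params),
        ];
    }
    return $resolved;
}

/** Guards Authenticate would check, or null if it is not in the stack. */
function effectiveGuards(array $resolved): ?array
{
    foreach ($resolved as $m) {
        if ($m['class'] === 'Illuminate\Auth\Middleware\Authenticate') {
            // With no parameters, Authenticate falls back to the default guard.
            return $m['params'] ?: [DEFAULT_GUARD];
        }
    }
    return null;
}

foreach ([['auth:api'], ['auth', 'api']] as $stack) {
    $resolved = resolveMiddleware($stack, $middlewareGroups, $routeMiddleware);
    printf("%-16s guards=%s classes=%s\n", json_encode($stack),
        json_encode(effectiveGuards($resolved)),
        implode(', ', array_column($resolved, 'class')));
}
```

Running the same resolution over every route group is a quick audit for API routes that are protected by the default guard instead of the api guard.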
