Sunjid Shibly
Sunjid Shibly

Reputation: 57

How to authenticate multiple type of user with same auth guard [Lumen]

I am developing an API Application using Lumen 8. I have 3 types of users. For them, I use 3 different Models. I am using JWT authentication [packege- tymon/jwt-auth].

Here is my Auth.php config. I use 3 types of auth guard

return [
'defaults' => [
    'guard' => env('AUTH_GUARD', 'user'),
    'passwords' => 'users',

'guards' => [
    'user' => [
        'driver' => 'jwt',
        'provider' => 'users',
    'vendor_user' => [
        'driver' => 'jwt',
        'provider' => 'vendor_users',
    'super_user' => [
        'driver' => 'jwt',
        'provider' => 'super_users',

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => \App\Models\User::class
    'vendor_users' => [
        'driver' => 'eloquent',
        'model' => \App\Models\VendorUser::class
    'super_users' => [
        'driver' => 'eloquent',
        'model' => \App\Models\SuperUser::class
'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
    'vendor_users' => [
        'provider' => 'vendor_users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
    'super_users' => [
        'provider' => 'super_users',
        'table' => 'password_resets',
        'expire' => 60,
        'throttle' => 60,
'password_timeout' => 10800,


For login, I use 3 different routes using the mentioned auth guard.

    protected function login(Request $request, $guard = 'user')
    //validate incoming request
    $this->validate($request, [
        'email' => 'required|string',
        'password' => 'required|string',

    $credentials = $request->only(['email', 'password']);

    if (! $token = Auth::guard($guard)->attempt($credentials)) {
        return response()->json(responseFormat(ERROR,___('Unauthorized')), 401);

    return $this->respondWithToken($token);

public function userLogin(Request $request)
    return $this->login($request,'user');

public function superUsersLogin(Request $request)
    return $this->login($request,'super_user');

public function vendorUsersLogin(Request $request)
    return $this->login($request,'vendor_user');

I have managed to get a token for successful login from all 3 types of users.

But I am facing a problem when I authenticate all user using Authenticate middleware

public function handle($request, Closure $next, $guard = null)
    if ($this->auth->guard($guard)->guest()) {
        return response(responseFormat(ERROR,'Unauthorized.'), 401);

    return $next($request);

It only works for the default auth-guard type user (which is user guard). If I want to authenticate other user types I had to use a different route and mention which auth-guard to use.

$router->group(['middleware' => 'auth','prefix' => 'api'], function ($router)
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');

$router->group(['middleware' => 'auth:vendor_user','prefix' => 'api/vendor'], function ($router)
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');

$router->group(['middleware' => 'auth:super_user','prefix' => 'api/super_user'], function ($router)
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');


Is there any way where I can authenticate all 3 types of users for the same route? so that I don't have to a different route for each type of user.

$router->group(['middleware' => 'auth','prefix' => 'api'], function ($router)
    $router->get('/send-email', 'EmailController@sendEmail');
    $router->get('/users', 'UsersController@users');

Like this API can be used by all 3 types of users and authenticated by the same auth-guard or some other ways.

BS: I must use 3 different tables for 3 types of users.

Upvotes: 2

Views: 2470

Answers (1)

Abu Jobayer Bin Ali
Abu Jobayer Bin Ali

Reputation: 36

Create a separate middleware to attempt the credential. Then, set the default guard Auth should use. You don't have to pass the guard to login.

In LoginController

    public function  __construct()

SetAuthGuard middleware

    public function handle(Request $request, Closure $next, ...$guards)
        $guards = empty($guards) ? [null] : $guards;
        $credentials = $request->only('email','password');
        foreach ($guards as $guard) {
            if (Auth::guard($guard)->attempt($credentials)) {
        return $next($request);

Upvotes: 2

Related Questions