The ‘guards’ array allows you to define multiple guards, each representing a different way to authenticate users. By default, Laravel provides two guards: ‘web’ and ‘api’.
‘web‘ Guard: The ‘web’ guard is used for authenticating users using session-based authentication. It is commonly used for web applications where users authenticate via a login form and the session is maintained throughout their browsing session. This guard uses Laravel’s default session driver for managing user sessions.
‘api‘ Guard: The ‘api’ guard is used for authenticating API requests using token-based authentication. It is typically used for stateless APIs where clients authenticate by sending an API token with each request. The ‘api’ guard uses token-based authentication mechanisms like JSON Web Tokens (JWT) or API tokens generated by Laravel’s Passport package.
You can also define custom guards in the ‘guards’ array according to your application’s requirements. For example, you might create a ‘admin’ guard to authenticate administrators separately from regular users.
Here’s an example configuration of the ‘guards’ array in config/auth.php
:
Multiple Guards Example
‘guards’ => [ ‘web’ => [ ‘driver’ => ‘session’, ‘provider’ => ‘users’, ], ‘api’ => [ ‘driver’ => ‘token’, ‘provider’ => ‘api_users’, ], ‘admin’ => [ ‘driver’ => ‘session’, ‘provider’ => ‘admin_users’, ], ],In this example, we have defined three guards:
‘web’: Uses the session driver and retrieves users from the ‘users’ provider.
‘api’: Uses the token driver and retrieves users from the ‘api_users’ provider.
‘admin’: Uses the session driver and retrieves users from the ‘admin_users’ provider.
Utilizing Guards in Laravel: Once you have defined multiple guards, you can utilize them in your application by specifying the guard name when performing authentication checks or specifying the guard in routes, controllers, or middleware.
if (Auth::guard(‘web’)->check()) { // User is authenticated using the ‘web’ guard } else { // User is not authenticated }Route Middleware Example:
Route::group([‘middleware’ => ‘auth:api’], function () { // Routes that require authentication using the ‘api’ guard });