Laravel: Understanding the Auth Guard

Stop cluttering your app with auth logic, just use the Auth Middleware.

  • using a combination of Sessions and Cookies, which is the old and most reliable way,
  • using a Token for a user to identify it, very goods to serve an API along with a web interface where the user can reroll the API Token,
  • and using the Request parameters to authenticate only for that Request.

How an Auth Guard works

  • The Guard itself, which manages the authentication procedures, “where” the credentials are in the Request.
  • The User Provider, that manages the “who” can authenticate and from “where” (database, API, who knows)
  • The Authenticatable, that manages the “what” to authenticate, like retrieving the password from the correct column or the “remember me” token.

The flow

Route::get('user/profile', 'UserController@profile')

The Guard contract

What can you do with a custom Guard?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Italo Baeza Cabrera

Graphic Designer graduate. Full Stack Web Developer. Retired Tech & Gaming Editor.