In laravel, an “auth guard” is a security feature that determine how users are authenticated and authorised within your application. Laravel provides a flexible authentication system that supports multiple guards, allowing you to define different ways to authenticate users based on their roles, access levels, or authentication sources.

The primary purpose of an auth guard is to define where and how user authentication information is stored and retrieved. Different types of users, such as regular users, administrators, or API clients, might need different methods of authentication, and Laravel’s auth guards facilitate this.

In the realm of web development, particularly in frameworks like Laravel, an authentication guard is used to manage user authentication and authorization. Let’s break down the concepts:

1. Authentication: Authentication is the process of verifying the identity of a user or system. It ensures that the person or system trying to access a resource is indeed who they claim to be. Common authentication methods include using passwords, tokens, or third-party services (like social media logins).
2. Authorization: Authorization, on the other hand, comes after authentication. Once a user’s identity is confirmed, authorization determines what actions that user is allowed to perform and what resources they can access. It enforces permissions and access control rules.

Authentication guards are part of the process that combines both authentication and authorization. In a web framework like Laravel, authentication guards:

• Authenticate Users: They verify the identity of users based on provided credentials (such as usernames and passwords). Once authenticated, the user is typically granted a token or a session that confirms their authenticated status.
• Provide Access Control: They determine what actions and resources an authenticated user is allowed to access. Guards help enforce rules like user roles (e.g., admin, regular user) and permissions (e.g., read, write) associated with those roles.

Laravel comes with several built-in auth guards, including:

1. Web Guard: This is the default guard for web applications. It uses sessions to keep track of authenticated users. The auth middleware is typically associated with the web guard.
2. API Guard:Designed for APIs, this guard authenticates users using tokens, typically sent as headers in API requests. The auth:api middleware is used for this guard.
3. Token Guard: Similar to the API guard, the token guard is used to authenticate users via tokens. It can be useful when you need multiple authentication methods.
4. Session Guard: The session guard is used to authenticate users using traditional session-based authentication. This is usually used for web applications.
5. Remember Me Guard: This guard is used to implement the “remember me” functionality during user login. It extends the session guard.

You can also create custom auth guards if you have specific authentication requirements that are not covered by the built-in guards. This flexibility allows you to cater to various authentication scenarios and integrate with different sources, such as database, APIs, or other authentication services.

To configure and use auth guards, you define them in the `config/auth.php` configuration file. You can set the default guard, specify guards for specific authentication scenarios, and configure their behavior and authentication providers.

Here’s a basic example of how you might use the web guard in a route definition:

Route::middleware('auth')->group(function () {
    // Routes that require authentication
});

And for the API guard:

Route::middleware('auth:api')->group(function () {
    // Routes that require API authentication
});

In these examples, the ‘auth' and 'auth:api' middleware are using the web and API guards , respectively, to authenticate users before allowing access to the associated routes.

Define the Guard :

You can create a api guard that uses token authentication by default:

'guards' => [
    
    'api' => [
        'driver' => 'token', 
        'provifer' => 'user'
    ],
],

Define the Provider:

Providers are the central place to configure your application.  you can define a user provider that uses the EloquentUserProvider and the user table:

'providers' => [
 
    
    'user' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
    ],
],

Define a Middleware:

Middleware checks if the user is authenticated and authorized to access the requested resource.

php artisan make:middleware ApiMiddleware

public function control($request, Closure $next){
    if(auth()->guard('api')->check()){
        return $next($request)
    }
}

Now you can use your guard in routes or controllers:

Route::middleware('auth:api-key')->get('/protected', 'ProtectedController@index');

In summary, an auth guard in Laravel is a fundamental concept that allows you to control how users are authenticated and authorized based on the requirements of your application. It provides the necessary infrastructure to manage user sessions, tokens, and other authentication mechanisms.

The post What is Auth Guard in Laravel? appeared first on Ninexus-Solutions.