I'm really new building laravel apps, I have a restful laravel API and a web app, I want the client web app to authenticate against the API and store the user in the session, I've registered a new UserProvider and set it on the config`s auth like bellow
ServiceProvider
public function boot()
{
$this->registerPolicies();
Auth::provider('apiAuthServiceProvider', function ($app, $config) {
return new UserProvider(new ApiUserService());
});
}
Config/Auth
'providers' => [
'users' => [
'driver' => 'apiAuthServiceProvider',
],
],
UserProvider Class
<?php
namespace App\Providers;
use Illuminate\Support\ServiceProvider;
use Illuminate\Contracts\Auth\UserProvider as IlluminateUserProvider;
class UserProvider implements IlluminateUserProvider
{
private $userService;
public function __construct($userService)
{
$this->userService = $userService;
}
/**
* @param mixed $identifier
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveById($identifier)
{
// Get and return a user by their unique identifier
}
/**
* @param mixed $identifier
* @param string $token
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByToken($identifier, $token)
{
// Get and return a user by their unique identifier and "remember me" token
}
/**
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param string $token
* @return void
*/
public function updateRememberToken(Authenticatable $user, $token)
{
// Save the given "remember me" token for the given user
}
/**
* Retrieve a user by the given credentials.
*
* @param array $credentials
* @return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByCredentials(array $credentials)
{
// Get and return a user by looking up the given credentials
}
/**
* Validate a user against the given credentials.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
// Check that given credentials belong to the given user
}
}
The Custom UserProvider injects a UserService class, with is responsible for making requests to the API and return the user...
I`m so lost, what UserProvider methods should i override from "UserProvider" Interface? "retrieveById", "retrieveByToken", "updateRememberToken", "retrieveByCredentials" and "validateCredentials" ? Or should I override all of them? Considering the the client web app will have a login form, and the user will authenticate sending the email and password (grant_type = password), I'm also confusing about the token, how should I store the token and refresh token in the session? Is that possible to set session timeout as the same as the token expiration time? Where would I call the retrieveByCredentials's UserProvider to pass the authentication params? Thanks in advance....
You should override only the functions you need. Most of the standard functionality should be already defined in the User Provider you are inheriting from. I've only inherited my custom user providers from Illuminate\Auth\EloquentUserProvider (Laravel 5.4 here), so please double check how the class you are inheriting from works. If, for example, you need to retrieve your user by an ID different than your default id field, you should override retrieveById.