Search code examples
phplaravelgraphqllaravel-lighthouse

Error with authenticated user using guard and can to access to some model

I'm using lighthouse-php to make a graphql api and I'm having a trouble changing middleware (it will be deprecated in new versions) directive to guard.

extend type Query @middleware(checks: ["auth:api"]) {
    task(id: ID @eq): Task @can(ability: "view" find:"id") @find
    mytasks: [Task!]!
}

Using this code works well. I mean, the system checks if the user is logged and check against the policy if the user can access to their task, but when I try to change the @middleware directive to @guard directive like this: 

extend type Query @guard(with: ["api"]){
    task(id: ID @eq): Task @can(ability: "view" find:"id") @find
    mytasks: [Task!]!
}

Always return that the user is unauthenticated. But, in the last case if I remove the @can directive the system check if the user is logged or not (but I need to check against the policy if the user can access the specified task).

I'm using these versions of packages:

"joselfonseca/lighthouse-graphql-passport-auth": "^3.0",
    "laravel/framework": "^6.2",
    "laravel/passport": "^8.2",
    "laravel/tinker": "^2.0",
    "mll-lab/laravel-graphql-playground": "^2.0",
    "nuwave/lighthouse": "^4.8"

Have somebody experimented with this trouble? thanks.

Solution

  • I solved it.

    we must to set up the config/auth.php file with the following:

    /*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/

'defaults' => [
    'guard' => 'api',
    'passwords' => 'users',
],

/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
        'hash' => false,
    ],
],