dusterio / lumen-passport

Making Laravel Passport work with Lumen
MIT License

Authenticating requesting user. #26

Closed Patskimoto closed 7 years ago

Patskimoto commented 7 years ago

Apologies if this is not a 'code' related issue but SO didn't have much information on this so I assumed this would be the best place to ask. I am confused as to how I am supposed to validate the user in the AuthServiceProvider.php that lumen ships with so when the oauth endpoints are hit they can access the current user instance.

Your install instructions ask to add the auth entry to the RouteMiddleware, and when we use it the following code gets called:

if ($this->auth->guard($guard)->guest()) {
    return response('Unauthorized.', 401);
}

To my understanding this will always be false because inside AuthServiceProvider.php the viaRequest is always evaluating to false and never getting the opportunity to auth the requesting user.

Auth::viaRequest('api', function ($request) {
    if ($request->input('api_token')) {
        return User::where('api_token', $request->input('api_token'))->first();
    }
});

Apologies again if this is not so much of a code issue but more my understanding. I have gone over the install instructions over and over and am not sure what I am doing wrong. Thank you.

dusterio commented 7 years ago

Lumen Passport includes all Laravel Passport bootstrap stuff, so it registers a correct authentication guard during the boot process. The viaRequest() part has no effect I suppose - since we are not referring to the 'api' guard anywhere in the code. It will never be called.

What are you trying to achieve?

Patskimoto commented 7 years ago

Thanks for replying. I think my confusion is around where to 'set' the requesting user so I can call endpoints that require $request->user() to be set as shown in PersonalAccessTokenController.

Patskimoto commented 7 years ago

Sorry for posting what appears to be my single issues as opposed to lumen-passport code issues but I have not had much luck with SO.

Can anyone give me an example of how they wrap a route with passport's middleware so that it checks the requesting users token? This seems to be my last hurdle for getting lumen-passport implemented into my project.

If I make the following call:

$app->get('v1/games/{id}', ['middleware' => 'auth:api', function () {
    // code
}]);

It goes into the handle() method inside my Authenticate.php middleware - but according to the passport documentation shouldn't passport be picking up this request and not my App\Middleware\Http\Authenticate.php?

If I follow passport's example of appending ->middleware('auth:api') on the end of the route declaration I get a could not find Request::handle() error.

Passport is selected in auth.php as the driver and it does appear to be loading it but I for the life of me cannot get passport to wrap around the routes. If someone could provide an example it would be greatly appreciated.

az commented 7 years ago

@Patskimoto it is actually handled by passport, due to the config/auth.php settings (to be more specific, 'guards' => [ 'api' ...]), and even if you do not specify a guard in routing (auth instead of auth:api) it will still be forwarded to the api guard (handled by passport) as far as it is the only guard defined.

It would be bad if you couldn't modify the auth middleware ... and something happened too automagically :> One of the reasons is changing the unauthorized/401 response format to JSON, like the following.

public function handle($request, Closure $next, $guard = null)
{
    if ($this->auth->guard($guard)->guest()) {

        return response()->json(["error"=>[
            "code" => 401,
            "message" => "Unauthorized"
        ]], 401);
    }

    return $next($request);
}

Personally I haven't encountered any problems when following the steps from the readme.

Patskimoto commented 7 years ago

@az Thanks for your reply. I now have a better idea of how this works and did not realize that in the background it was applying the passport guard on top of my Authenticate class. Upon further debugging I found it was never working as the access token I was passing in the header was slightly incomplete. Thanks for your assistance.
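
Added example, not part of the thread or of lumen-passport: the thread ended with an incomplete access token, which leaves `guest()` true and produces the 401 from the middleware shown above. Assuming Passport's JWT-format access tokens, the hypothetical helper `diagnoseBearerHeader()` checks the shape of an `Authorization` header on constructed sample tokens; it does not verify the signature.

```php
<?php
// Added diagnostic sketch; diagnoseBearerHeader() is a hypothetical helper, not lumen-passport code.
// It inspects token shape only. It does NOT verify the signature, so never use it to authorize.

function base64UrlDecode(string $segment): ?string
{
    $length = (int) (ceil(strlen($segment) / 4) * 4);
    $decoded = base64_decode(str_pad(strtr($segment, '-_', '+/'), $length, '='), true);
    return $decoded === false ? null : $decoded;
}

function diagnoseBearerHeader(?string $header, ?int $now = null): string
{
    $now = $now ?? time();
    if ($header === null || !preg_match('/^Bearer\s+(\S+)$/i', trim($header), $m)) {
        return 'missing or malformed Authorization header (expected "Bearer <token>")';
    }
    $parts = explode('.', $m[1]);
    if (count($parts) !== 3 || in_array('', $parts, true)) {
        return 'token is not three dot-separated segments (likely truncated when copied)';
    }
    $claims = [];
    foreach (['header' => $parts[0], 'payload' => $parts[1]] as $name => $segment) {
        $json = base64UrlDecode($segment);
        $claims[$name] = $json === null ? null : json_decode($json, true);
        if (!is_array($claims[$name])) {
            return "$name segment does not decode to JSON (token is damaged)";
        }
    }
    if (base64UrlDecode($parts[2]) === null) {
        return 'signature segment is not valid base64url';
    }
    if (isset($claims['payload']['exp']) && $claims['payload']['exp'] < $now) {
        return 'token is well formed but expired';
    }
    return 'token is well formed; if the guard still rejects it, check keys, revocation and client';
}

// Constructed sample token with a dummy signature, then the same token cut short.
$enc = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$token = $enc('{"alg":"RS256","typ":"JWT"}') . '.'
    . $enc('{"sub":"1","exp":4102444800}') . '.' . $enc('dummy-signature');

echo diagnoseBearerHeader("Bearer $token"), PHP_EOL;
echo diagnoseBearerHeader('Bearer ' . substr($token, 0, 40)), PHP_EOL;
```

A token cut short inside the signature segment can still pass these shape checks; only the guard's signature verification catches that case.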