How to Create a Custom Authentication Guard in Laravel

In this article, we’re going to cover the authentication system in the Laravel framework. The main aim of this article is to create a custom authentication guard by extending the core authentication system.

Laravel provides a very solid authentication system in the core that makes the implementation of basic authentication a breeze. In fact, you just need to run a couple of artisan commands to set up the scaffolding of an authentication system.

Moreover, the system itself is designed in such a way that you could extend it and plug in your custom authentication adapters as well. That’s what we’ll discuss in detail throughout this article. Before we go ahead and dive into the implementation of the custom authentication guard, we’ll start with a discussion of the basic elements in the Laravel authentication system—guards and providers.

The Laravel authentication system is made up of two elements at its core—guards and providers.

You could think of a guard as a way of supplying the logic that’s used to identify the authenticated users. In the core, Laravel provides different guards like session and token. The session guard maintains the state of the user in each request by cookies, and on the other hand the token guard authenticates the user by checking a valid token in every request.

So, as you can see, the guard defines the logic of authentication, and it’s not necessary that it always deals with that by retrieving valid credentials from the back end. You may implement a guard that simply checks the presence of a specific thing in request headers and authenticates users based on that.

Later in this article, we’ll implement a guard that checks certain JSON parameters in request headers and retrieves the valid user from the MongoDB back end.

If the guard defines the logic of authentication, the authentication provider is responsible for retrieving the user from the back-end storage. If the guard requires that the user must be validated against the back-end storage then the implementation of retrieving the user goes into the authentication provider.

Laravel ships with two default authentication providers—Database and Eloquent. The Database authentication provider deals with the straightforward retrieval of the user credentials from the back-end storage, while Eloquent provides an abstraction layer that does the needful.

In our example, we’ll implement a MongoDB authentication provider that fetches the user credentials from the MongoDB back end.

So that was a basic introduction to guards and providers in the Laravel authentication system. From the next section onwards, we’ll focus on the development of the custom authentication guard and provider!

Let’s have a quick look at the list of files that we’ll implement throughout the course of this article.

  • config/auth.php: It’s the authentication configuration file in which we’ll add an entry of our custom guard.
  • config/mongo.php: It’s the file that holds the MongoDB configuration.
  • app/Services/Contracts/NosqlServiceInterface.php: It’s an interface that our custom Mongo database class implements.
  • app/Database/MongoDatabase.php: It’s a main database class that interacts with MongoDB.
  • app/Models/Auth/User.php: It’s the User model class that implements the Authenticable contract.
  • app/Extensions/MongoUserProvider.php: It’s an implementation of the authentication provider.
  • app/Services/Auth/JsonGuard.php: It’s an implementation of the authentication guard driver.
  • app/Providers/AuthServiceProvider.php: This is an existing file that we’ll use to add our service container bindings.
  • app/Http/Controllers/MongoController.php: It’s a demo controller file that we’ll implement to test our custom guard.

Don’t worry if the list of the files doesn’t make much sense yet as we’ll discuss everything in detail as we go through it.

In this section, we’ll go through the implementation of the required files.

The first thing that we need to do is to inform Laravel about our custom guard. Go ahead and enter the custom guard details in the config/auth.php file as shown.

As you can see, we’ve added our custom guard under the custom key.

Next, we need to add an associated provider entry in the providers section.

We’ve added our provider entry under the mongo key.

Finally, let’s change the default authentication guard from web to custom.

Of course, it won’t work yet, as we’ve not implemented the necessary files yet. And that’s what we’ll discuss in the next couple of sections.

In this section, we’ll implement the necessary files that talk to the underlying MongoDB instance.

Let’s first create a configuration file config/mongo.php that holds the default MongoDB connection settings.

Of course, you need to change the placeholder values as per your settings.

Instead of directly creating a class that interacts with MongoDB, we’ll create an interface in the first place.

The benefit of creating an interface is that it provides a contract that a developer must adhere to while implementing it. Also, our implementation of MongoDB could be easily swapped with another NoSQL implementation if needed.

Go ahead and create an interface file app/Services/Contracts/NosqlServiceInterface.php with the following contents.

It’s a pretty simple interface that declares the basic CRUD methods that a class must define that implements this interface.

Now, let’s define an actual class at app/Database/MongoDatabase.php.

Of course, I assume that you’ve installed MongoDB and the corresponding MongoDB PHP extension.

The __construct method instantiates the MongoClient class with the necessary parameters. The other important method we’re interested in is the find method, which retrieves the record based on the criteria provided as method arguments.

So that was the implementation of the MongoDB driver, and I tried to keep it as simple as possible.

Adhering to the standards of the authentication system, we need to implement the User model that must implement the Illuminate\Contracts\Auth\Authenticatable contract.

Go ahead and create a file app/Models/Auth/User.php with the following contents.

You should have already noticed that App\Models\Auth\User implements the Illuminate\Contracts\Auth\Authenticatable contract.

Most of the methods implemented in our class are self-explanatory. Having said that, we’ve defined the fetchUserByCredentials method, which retrieves the user from the available back end. In our case, it’ll be a MongoDatabase class that’ll be called to retrieve the necessary information.

So that’s the implementation of the User model.

As we discussed earlier, the Laravel authentication system consists of two elements—guards and providers.

In this section, we’ll create an authentication provider that deals with the user retrieval from the back end.

Go ahead and create a file app/Extensions/MongoUserProvider.php as shown below.

Again, you need to make sure that the custom provider must implement the Illuminate\Contracts\Auth\UserProvider contract.

Moving ahead, it defines two important methods—retrieveByCredentials and validateCredentials.

The retrieveByCredentials method is used to retrieve the user credentials using the User model class that was discussed in the earlier section. On the other hand, the validateCredentials method is used to validate a user against the given set of credentials.

And that was the implementation of our custom authentication provider. In the next section, we’ll go ahead and create a guard that interacts with the MongoUserProvider authentication provider.

As we discussed earlier, the guard in the Laravel authentication system provisions how the user is authenticated. In our case, we’ll check the presence of the jsondata request parameter that should contain the JSON-encoded string of the credentials.

In this section, we’ll create a guard that interacts with the authentication provider that was just created in the last section.

Go ahead and create a file app/Services/Auth/JsonGuard.php with the following contents.

First of all, our class needs to implement the Illuminate\Contracts\Auth\Guardinterface. Thus, we need to define all the methods declared in that interface.

The important thing to note here is that the __construct function requires an implementation of Illuminate\Contracts\Auth\UserProvider. In our case, we’ll pass an instance of App\Extensions\MongoUserProvider, as we’ll see in the later section.

Next, there’s a function getJsonParams that retrieves the user credentials from the request parameter named jsondata. As it’s expected that we’ll receive a JSON encoded string of the user credentials, we’ve used the json_decodefunction to decode the JSON data.

In the validate function, the first thing we check is the existence of the $credentials argument. If it’s not present, we’ll call the getJsonParams method to retrieve user credentials from the request parameters.

Next, we call the retrieveByCredentials method of the MongoUserProviderprovider that retrieves the user from the MongoDB database back end. Finally, it’s the validateCredentials method of the MongoUserProvider provider that checks the validity of the User.

So that was the implementation of our custom guard. The next section describes how to stitch these pieces together to form a successful authentication system.

So far, we’ve developed all the elements of the custom authentication guard that should provide us a new authentication system. However, it won’t work out of the box as we need to register it in the first place using the Laravel service container bindings.

As you should already know, the Laravel service provider is the right place to implement the necessary bindings.

Go ahead and open the file app/Providers/AuthServiceProvider.php that allows us to add authentication service container bindings. If it doesn’t contain any custom changes, you could just replace it with the following contents.

Let’s go through the boot method that contains most of the provider bindings.

To start with, we’ll create bindings for the App\Database\MongoDatabase and App\Models\Auth\User elements.

It’s been a while that we’ve been talking about provider and guard, and it’s time to plug our custom guard into the Laravel authentication system.

We’ve used the provider method of the Auth Facade to add our custom authentication provider under the key mongo. Recall that the key reflects the settings that were added earlier in the auth.php file.

In a similar way, we’ll inject our custom guard implementation using the extend method of the Auth facade.

Next, there’s a register method that we’ve used to bind the App\Services\Contracts\NosqlServiceInterface interface to the App\Database\MongoDatabase implementation.

So whenever there’s a need to resolve the App\Services\Contracts\NosqlServiceInterface dependency, Laravel responds with the implementation of the App\Database\MongoDatabase adapter.

The benefit of using this approach is that one could easily swap the given implementation with a custom implementation. For example, let’s say someone would like to replace the App\Database\MongoDatabaseimplementation with the CouchDB adapter in future. In that case, they just need to add the corresponding binding in the register method.

So that was the service provider at your disposal. At this moment, we have everything that is required to test our custom guard implementation, so the next and concluding section is all about that.

Does It Work?

You’ve done all the hard work setting up your first custom authentication guard, and now it’s time to reap the benefits as we’ll go ahead and give it a try.

Let’s quickly implement a pretty basic controller file app/Http/Controllers/MongoController.php as shown below.

Take a close look at the dependency of the login method, which requires the implementation of the Illuminate\Contracts\Auth\Guard guard. Since we’ve set the custom guard as the default guard in the auth.php file, it’s the App\Services\Auth\JsonGuard that’ll be injected actually!

Next, we’ve called the validate method of the App\Services\Auth\JsonGuardclass, which in turn initiates a series of method calls:

  • It calls the retrieveByCredentials method of the App\Extensions\MongoUserProvider class.
  • The retrieveByCredentials method calls the fetchUserByCredentialsmethod of the User App\Models\Auth\User class.
  • The fetchUserByCredentials method calls the find method of the App\Database\MongoDatabase to retrieve the user credentials.
  • Finally, the find method of the App\Database\MongoDatabase returns the response!

If everything works as expected, we should get an authenticated user by calling the user method of our guard.

To access the controller, you should add an associated route in the routes/web.php file.

Try accessing the URL http://your-laravel-site/custom/mongo/login without passing any parameters and you should see a “not authorized” message.

On the other hand, try something like http://your-laravel-site/custom/mongo/login?jsondata={“username”:”admin”,”password”:”admin”}and that should return a success message if the user is present in your database.

Please note that this is just for example purposes, to demonstrate how the custom guard works. You should implement a foolproof solution for a feature like login. In fact, I’ve just provided an insight into the authentication flow; you’re responsible for building a robust and secure solution for your application.

That ends our journey today, and hopefully I’ll be back with more useful stuff. If you want me to write on any specific topics, don’t forget to drop me a line!

The Laravel framework provides a solid authentication system in the core that could be extended if you want to implement a custom one. That was the topic of today’s article to implement a custom guard and plug it in to the Laravel authentication workflow.

In the course of that, we went ahead and developed a system that authenticates the user based on the JSON payload in the request and matches it with the MongoDB database. And to achieve that, we ended up creating a custom guard and a custom provider implementation.

I hope the exercise has provided you an insight into the Laravel authentication flow, and you should now feel more confident about its inner workings.

For those of you who are either just getting started with Laravel or looking to expand your knowledge, site, or application with extensions, we have a variety of things you can study on Envato Market.

I would love to hear your feedback and suggestions, so shout out loud using the feed below!

Source By : https://bit.ly/2ymfFEe

Author Bio:
Andrew Hanks is working for 9series Solutions as a Digital Marketing Expert. He is passionate about sharing updates on Laravel Development services and PHP Frameworks. Using the latest tools & strategies for marketing is something he loves.

Advertisements

5 Signals for a Leading Laravel Development Services

Do you want to develop a PHP web application for your business wants and struck which framework to choose? Laravel is a swiftly emerging technology supporting propelled features for much smarter and efficient app development.

Laravel, an open source PHP latest framework which converts the MVC applications and web development much smoother. With support for MVC (Model View Controller) approach and features such as session management and easy routing, easy storage and authentication, unit testing and elasticity for developing everything from small to large business apps. Laravel removes development pain sensed in a most of the web projects. After all, it has hugely improvised the web development experience to a large extent of the PHP developers and hence, is seems to be the perfect development framework of PHP web application.

There are some amazing facts about PHP framework that it can coerce business to go for Laravel development services by creating customized web applications delivering their business prerequisites are as follows.

Fascinating Features:

When it comes to picking a framework it’s all about features for web application development where Laravel sounds at and makes its name in the top web applications development of PHP frameworks. Laravel application development is all about employing the excellent set of features like simple to  run and write tests, unit tests, easy routing approach, authentication, view composer, versatility to develop any type of apps from small to large organization applications, accumulating suitable for small and large applications and automatic pagination for the dynamic PHP app development. Therefore, the enterprises are handsomely benefited as their business apps can now blend the best functionality for web application development.

Enhancing Future Ready Applications:

Going for Laravel application development services, ready to develop a future web application for an organization. This is because Laravel is assumed to be the future framework for PHP app development and scalability is a thing, these applications contribute to the enterprises. The business can promptly adjust to their changing requirement by overhauling their Laravel based apps in the future.

Prompt Development:

An enormously refreshing feature about Laravel is that it provides better, faster and sustainable programs development. The excellent framework concepts and built-in features not only boost the productivity of the Laravel developers, but also offer enterprises the much desired time benefit. Now organizations can get scalable and robust web applications developed for their requirements within minimum possible time with Laravel as the base of their application.

Create Applications with Customized Compelling Themes:

Can create high-performance web applications for enterprises with an engaging interface as Laravel serves compelling themes which are smoothly customizable according to the individual business wants.

Open Source Technology – Classy Framework

A Laravel development company in India offers you the best price for app development. This is on the grounds that it is an open source technology, the distance allowed to utilize.

Hence, Laravel development company in India is absolutely compelling for those who wish to create web applications for their enterprise or business needs.

Pros And Cons Of Laravel Development

laravel Development

Laravel is a modern, open source PHP framework which makes the development of web and MVC apps much easier. With support to MVC (Model View Controller) approach and features like easy authentication and caching, easy routing and session management, unit testing and flexibility for developing everything right from small websites to large enterprise applications. Laravel takes out the pain of development sensed in a majority of web projects. All-in-all, it has greatly improvised the web development experience of the PHP developers to a great extent. Hence, it is considered to be the best framework for the development of PHP web applications.

Pros and cons of Laravel Development:

  • It is common knowledge that, for web application development, Laravel gives expressive, elegant syntax. Such has been its design. The laravel developer will enjoy the process of development. Authentication, routing, sessions are some tasks that are commonly performed and are made easier, thanks to Laravel.
  • Use of libraries and models is easier as Laravel has object-oriented libraries. Such libraries are supported with autocomplete feature.
  • Importantly, this framework is designed for the PHP’s latest version. Therefore, unit testing authentication and support are the base development components and are inbuilt. It is praiseworthy that Laravel framework folds with the blade template engine in a smooth manner.
  • Laravel has its own command-line interface, known as Artisan, it enables developers to perform abundant tasks. Tasks like seeding databases and migrating databases. Also performed is clearing the cache, etc.
  • One area where Laravel beat CodeIgniter is it has got exceptions. These, with exceedingly detailed stack trace, are not available for developers who use CodeIgniter.
  • Laravel is best suited for building RESTful APIs. Apart from that, Laravel handles event queuing.
  • Object-Relational Mapping (ORM) in Laravel is simple, fast and eloquent. That said, developers will find it very easy to organize the apps database.

Laravel has proved itself one of the most effective framework among all PHP frameworks so it has bright future. Most of the developers are switching to Laravel framework and in future everyone would use Laravel in excess. Laravel Application Development would become on top of all frameworks because of its functionalities and features.

Hence, Laravel development services are surely compelling for those who are in need of crafting outstanding web applications for their enterprise or business needs. We at 9series help to shape your requirements by delivering complete IT Solution and Services.