Multiple Guards

[ItsRD]

• Passport Version: v11.3.1
• Laravel Version: v9.43.0
• PHP Version: 8.1.11
• Database Driver & Version: MySQL 5.7.39

Description:

I'm working on a project with multiple guard. The regular web guard and the admin guard.
In the AuthorizationController on line 97 it requests the user, without any guard as parameter. Because of this it tries to get the web user and not the admin user. I'm not sure if I did forget something while setting up multiple guards or this is a bug.

When I change $user = $request->user(); to $user = $request->user(config('passport.guard')); it works fine.

Steps To Reproduce:

• I've added a new guard, new provider and Admin model.
• I installed Laravel passport
• Changed the provider in the oauth_clients table to the name of my new provider (called admins).
• Published the config and changed the guard to admin

[driesvints]

Hi there,

Thanks for reporting but it looks like this is a question which can be asked on a support channel. Please only use this issue tracker for reporting bugs with the library itself. If you have a question on how to use functionality provided by this repo you can try one of the following channels:

• Laracasts Forums
• Laravel.io Forums
• StackOverflow
• Discord
• Larachat
• IRC

However, this issue will not be locked and everyone is still free to discuss solutions to your problem!

Thanks.

[ItsRD]

@driesvints So, are you saying this is not a bug in the package? Because I am.

[driesvints]

Sorry. I don't think Passport supports multi auth and we have no intention to pursue changes here. Please see #1606

[ItsRD]

I'm using a single guard for passport and it was never my intention to use multiple guard for passport. But when I change the guard in the passport.php config from web to admin it's still using the web guard in the AuthorizationController and that's the bug in my opinion.

Maybe the title of this issue is a bit misleading

[m-bosch]

I totally agree on @ItsRD.

I am wondering why there is an option to set a config called guard, even though it feels like it is not being used in this package. I am having the same issue, but instead of using a personal access token, I am using Authorization Code Grant with PKCE.

As @driesvints states in #1606, the recommendation is to use Sanctum if you using a personal access token, but as mentioned above, I am trying to use oAuth with native apps.

As Laravel docs states:

Before getting started, you may wish to determine if your application would be better served by Laravel Passport or Laravel Sanctum. If your application absolutely needs to support OAuth2, then you should use Laravel Passport.

However, if you are attempting to authenticate a single-page application, mobile application, or issue API tokens, you should use Laravel Sanctum. Laravel Sanctum does not support OAuth2; however, it provides a much simpler API authentication development experience.

So in that case I should use Passport.

Simple using the config('passport.guard') in the request()->user() should solve all the problems as mentioned above. If you would like i can make a PR for it?