I have two differents users (users and hosts). Both work through the API, but with different guards.
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
'host' => [
'driver' => 'jwt',
'provider' => 'hosts',
],
All work fine, but the token retrieve with the host guards is valid for api routes. I want to eliminate this behavior, because they are totally different users. The code below is that of the controllers of both the user and the hosts.
class HostController extends Controller
{
public function login(Request $request)
{
$data = $request->validate([
'email' => 'required|string|email',
'password' => 'required|string'
]);
if (! $token = auth('host')->attempt($data)) {
return $this->errorResponse('Unauthorized', 401);
}
return $this->showMessage($this->respondWithToken($token));
}
}
class UserController extends Controller
{
public function login(Request $request)
{
$data = $request->validate([
'email' => 'required|string|email',
'password' => 'required|string'
]);
if (! $token = auth('api')->attempt($data)) {
return $this->errorResponse('Unauthorized', 401);
}
return $this->showMessage($this->respondWithToken($token));
}
}
Thanks.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire