Environment
Laravel Homestead
Issue description
I tried to replace the socialite authentication with a passwordless medium style authentication.
First, the user provides his email where I send an authentication token (I replaced the social authentication links in the login modal with a form input for email );
Then, after clicking on the authentication link, the user is either created or retrieved by email and redirected to the home page.
In the authentication controller previously used for socialite, I check the token validity (existence and expiration ), and I log the user in with Auth::login($user)
, $user being the user for the mail address the token came from.
I used Auth::login($user)
by following the example for socialite authentication in roastandbrew code.
I also faced a bug related to the session storage file as described at laravel/framework#22514 that I bypassed by changing the session driver environment variable to cookie.
After redirecting the user, I noticed that despite the Auth::login($user)
action I did, the user didn't appear as authenticated (userLoadStatus==3).
When I checked the API\UsersController.php, I saw that we get the authenticated user with Auth::guard('api')->user()
, and I didn't understand why.
I thought that there would be something like Auth::guard('api')->login($user)
, but it throws an exception for non-existent method.
When I replace Auth::guard('api')->user()
with response()->json(Auth::guard('api')->user())
, the user appears to be logged in the application whereas a curl call with the following command :
curl -X GET -H 'Accept: application/json' http://memoire.local/api/v1/user
returns an empty response.
dd(Auth::guard('api')->user())
throws an error when called from my token model dd(Auth::guard()->user())
does return a user.
I got confused, and after searching from yesterday, I decided to open this issue to know if I missed something.
By the way, your code is very fine and easy to understand, Thank you for it and the tutorial.
Steps to reproduce the issue
I mainly followed the steps in this medium article https://medium.com/@hive_adrian/password-less-email-authentication-in-laravel-ecf5388efe74 by adapting it to the single page app context (no blade view, response->json instead of views as return values, etc, ...)
Additional details / screenshots
I want to point out that my authentication routes were initially in the web.php but there was a 419 error which led me to write them inside the routes/api.php file.
Thank you very much !!