Authorization Policies/Gates for Laravel 5.3 web app consuming own API w/ Passport

Deadly 提交于 2019-12-06 15:28:36

Update: Got it working.

Seems that even for the API calls Laravel was still using the user from the web guard to check against policies. This user is undefined for API calls. So I needed to tell Laravel that all API calls should use the api guard.

Create a new middleware with Auth::shouldUse('api'); in the handle function. Assign the middleware to the api section in the kernel. Laravel will now use the api guard for all API requests. Calls like $this->authorize('view', $model) will work in both web and api.

Just use auth:api middleware for routes with Policies

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!