
Laravel API with Bearer token - Middleware auth:api

Tags: php, laravel

I'm trying to create an API with Bearer Token but I can't figure it out:

  1. What does the route::middleware('auth:api') do
  2. Where's the code of route::middleware('auth:api')

So, I have the following code in my Routes\Api.php file:

Route::get('/login', function (Request $request) 
{
    if(Auth::guard()->attempt(['email' => $request->email, 'password' => $request->password]) == FALSE)
        return response()->json(['status' => FALSE]);

    $user = Users::select('id', 'name', 'api_token', 'created_at')->where('email', $request->email)->firstOrFail();

    return response()->json(['status' => TRUE, 'user' => $user]);
});

Route::middleware('auth:api')->get('/bookings', function (Request $request)
{
    return response()->json(['its working!']);
});

I'm able to successfully connect to the route /login and retrieve the api_token. Now this token must be used in the /bookings route in order to authenticate.

I was hoping the middleware('auth:api') would verify my CURL headers for the Authorization: Bearer zzzzzzzzz, but it's not working.

So basically I need to understand how to change the code logic behind auth:api, or if I should create a new middleware and check for the request headers.

Linesofcode asked Dec 24 '22 03:12


1 Answer

Disclaimer

If you need custom code to handle authentication you should create your own middleware and authentication guard and use it instead of the default one that Laravel provides.

Your questions

What does the route::middleware('auth:api') do

It states that the route should implement the middleware "auth" and the middleware group "api".

Where's the code of route::middleware('auth:api')

All middleware in Laravel is defined in app/Http/Kernel.php.

In there you will probably see something like

protected $middlewareGroups = [
    ....,
    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

and

protected $routeMiddleware = [
    ...,
    'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];

This means that a route using the middleware auth:api implements the api middleware group (in this case the ThrottleRequests and SubstituteBindings middleware) and the auth middleware (Authenticate).

The actual authentication guard used depends on the configuration in your auth.php config file:

'guards' => [
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],

In the case above a TokenGuard is used (laravel/framework/src/Illuminate/Auth/TokenGuard.php).

So to answer your question, the code for the auth middleware can be found at

laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php
Daniel answered Jan 07 '23 21:01
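
An added example, not part of the answer above and not Laravel's source: plain PHP showing the kind of check a token guard performs for the /bookings request, reading the Authorization: Bearer header and matching it against stored tokens. The function names, the sample users and the choice to store SHA-256 hashes instead of the plain api_token value are assumptions made for this example.

```php
<?php
// Added illustration: a plain-PHP model of a bearer-token lookup, not Laravel source.
// bearerToken(), findUserByToken() and $users are hypothetical names.

/** Extract the token from an "Authorization: Bearer <token>" header, or null. */
function bearerToken(array $headers): ?string
{
    foreach ($headers as $name => $value) {
        // Header names are case-insensitive.
        if (strcasecmp($name, 'Authorization') !== 0) {
            continue;
        }
        // Accept the Bearer scheme only, followed by exactly one non-empty token.
        if (preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
            return $m[1];
        }
    }
    return null;
}

/** Return the user whose stored token hash matches, or null (caller answers 401). */
function findUserByToken(array $users, ?string $token): ?array
{
    if ($token === null || $token === '') {
        return null;
    }
    $hash = hash('sha256', $token);
    foreach ($users as $user) {
        // hash_equals compares in constant time.
        if (hash_equals($user['api_token_hash'], $hash)) {
            return $user;
        }
    }
    return null;
}

// Constructed sample data: the store keeps only the SHA-256 of each token.
$users = [
    ['id' => 1, 'name' => 'alice', 'api_token_hash' => hash('sha256', 'constructed-token-1')],
];
$requests = [
    ['Authorization' => 'Bearer constructed-token-1'], // known token
    ['Authorization' => 'Bearer wrong-token'],         // unknown token
    ['Accept' => 'application/json'],                  // header missing
];
foreach ($requests as $headers) {
    $user = findUserByToken($users, bearerToken($headers));
    echo $user ? "200 user #{$user['id']}\n" : "401 Unauthenticated\n";
}
```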