5

i have a function where

public function index(){
   $users = User::doesntHave('roles')->latest()->paginate()->except(Auth::id());
   return UsersResource::collection($users);
}

when i dd the Auth::id() it returns null even if I declared the auth facade on my controller 

use Illuminate\Support\Facades\Auth;

this is my route which is stored inside api.php

Route::resource('users','Users\AdminUsersController')->except([
    'create', 'edit'
]);
Beginner
  • 1,700
  • 4
  • 22
  • 42

3 Answers3

3

Add your auth protected routes inside auth:api middleware 

Route::post('login','LoginController@login');

Route::middleware(['auth:api'])->group(function () {

    Route::resource('users','Users\AdminUsersController')->except([
    'create', 'edit'
    ]);

    //other authenticated Routes goes inside this block

});

For Api authentication i suggest you to look https://laravel.com/docs/5.6/passport

rkj
  • 8,067
  • 2
  • 27
  • 33
  • sir it says unauthenticated status 401 do i need to install the passport? – Beginner Aug 28 '18 at 12:15
  • @Beginner yes, need to install laravel passport and then need to generate accessToken and then send that token in header. you can look this https://stackoverflow.com/questions/50848892/how-to-use-laravel-passport-with-password-grant-tokens – rkj Aug 28 '18 at 14:23
  • Sir sorry this is my first time implementing passport, i always skipped this one because i dont know where to start. So for example I have a login controller that generates access token. So in my route when I login, I can now already used the auth:api middleware and be able to consume my own api? localhost/app/public/api/users? w/o getting the 401 status? Thanks sir – Beginner Aug 28 '18 at 21:45
  • yes, put your login controller outside of `auth:api` middleware Route block updated answer. After login and generated `accessToken` then use this accessToken in `Authorization` header like this `Authorization: Bearer accessToken` to call all protected apis. Side note it is good practice to use virtual host for laravel application. check here https://ourcodeworld.com/articles/read/584/how-to-configure-a-virtual-host-for-a-laravel-project-in-xampp-for-windows – rkj Aug 29 '18 at 04:10
  • meaning if i make a request from front end to backend i will always append that access token? based on my research they typically store the token on localstorage is that safe enough? – Beginner Aug 29 '18 at 04:26
  • 1
    yes, for all request you have to append `Authorization` header with `accessToken` value. Yes, you can store it in localstorage. Remember `$user->createToken('Token Name')->accessToken` generate a personal token and it doesn't have expire time so you have to revoke it either in your logout api or something like that. Better read the documentation from the link which is in answer – rkj Aug 29 '18 at 04:34
  • sir https://stackoverflow.com/questions/52156606/laravel-multiple-database-connection-get-average-from-3-tables – Beginner Sep 03 '18 at 22:08
  • sir https://stackoverflow.com/questions/52171438/laravel-cronjob-run-whats-inside-the-method?noredirect=1#comment91293504_52171438 – Beginner Sep 04 '18 at 17:50
  • https://stackoverflow.com/questions/52207683/get-latest-from-different-relationship-eloquent-laravel – Beginner Sep 06 '18 at 15:37
0

Are you're signed in. It doesn't sound like it.

Don't use Illuminate\Support\Facades\Auth; instead it is just use Auth;.

You can do the following:

auth()->check(); // this checks to see if you're logged in

$userId = auth()->check() ? auth()->id() : null;

auth()->id(); // this is the same as Auth::id();

auth()->user();
Asheeka K P
  • 408
  • 4
  • 13
0

$users = User::doesntHave('roles')->latest()->paginate()->except(Auth::user()->id);

J Ajith
  • 1
  • 2