Redirecting to Different Pages Based on Authentication Guards in Laravel Middleware

Introduction:

In a Laravel application, managing multiple user roles (e.g., admin, vendor, customer) is a common requirement. Each user type often has distinct permissions and landing pages post-login. Laravel provides a robust solution for this through its authentication guards. In this tutorial, we will explore how to customize redirects based on different guards using Laravel’s Authenticate middleware.

Understanding Laravel Authentication Guards: Laravel guards define how users are authenticated for each request. They handle who should be authenticated (admin, vendor, or customer) and where they should be redirected after login or logout. By default, Laravel provides the web guard for standard users, but you can create and customize your own guards, such as admin or vendor.

In this article, we’ll show you how to:

1. Set up custom guards.
2. Configure the Authenticate middleware to redirect users to different pages based on their guard.
3. Ensure users are directed to the correct dashboard after login.

Step 1: Configuring Guards in auth.php To start, define multiple guards in your config/auth.php file. Each guard represents a different user type, such as admins and vendors:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],

    'vendor' => [
        'driver' => 'session',
        'provider' => 'vendors',
    ],
],

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\User::class,
    ],

    'admins' => [
        'driver' => 'eloquent',
        'model' => App\Models\Admin::class,
    ],

    'vendors' => [
        'driver' => 'eloquent',
        'model' => App\Models\Vendor::class,
    ],
],

Here, we’ve defined separate guards for admin and vendor, each associated with a different user provider.

Step 2: Updating the Authenticate Middleware Next, we’ll modify the Authenticate middleware to handle different redirects based on the guard type. The Authenticate.php file is located in app/Http/Middleware.

Modify the redirectTo method to add logic for handling different guards:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Auth\Middleware\Authenticate as Middleware;
use Illuminate\Support\Arr;

class Authenticate extends Middleware
{
    protected $guards;

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string[]  ...$guards
     * @return mixed
     *
     * @throws \Illuminate\Auth\AuthenticationException
     */
    public function handle($request, Closure $next, ...$guards)
    {
        $this->guards = $guards;

        return parent::handle($request, $next, ...$guards);
    }

    /**
     * Get the path the user should be redirected to when they are not authenticated.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return string|null
     */
    protected function redirectTo($request)
    {
        if (! $request->expectsJson()) {
            if (Arr::first($this->guards) === 'admin') {
                return route('admin.login');
            } else if(Arr::first($this->guards) === 'vendor') {
                return route('vendor.login');
            }
        }
    }
}

In this example, the redirectTo method checks the guard to decide which login page to redirect to. If the user is trying to access an admin page but isn't authenticated as an admin, they will be redirected to the admin login page. Similarly, vendors will be redirected to their respective login page.

Step 3: Using Route Groups for Guards To ensure the right middleware is applied to each type of user, you can define route groups with different guards:

// Admin Routes
Route::prefix('admin')->name('admin.')->group(function () {
    Route::middleware('auth:admin')->group(function () {
        Route::get('dashboard', [AdminController::class, 'dashboard'])->name('dashboard');
    });
});

// Vendor Routes
Route::prefix('vendor')->name('vendor.')->group(function () {
    Route::middleware('auth:vendor')->group(function () {
        Route::get('dashboard', [VendorController::class, 'dashboard'])->name('dashboard');
    });
});

Here, the routes are grouped by prefix (admin or vendor) and middleware (auth:admin or auth:vendor). This setup ensures that only authenticated admins can access the admin dashboard, and only authenticated vendors can access the vendor dashboard.

Step 4: Testing the Middleware Now that your guards, middleware, and routes are configured, test your application by logging in as different user types (admin, vendor, or default user). Verify that each type of user is correctly redirected to their respective dashboard or login page when accessing restricted areas.

Conclusion: Handling multiple authentication guards in Laravel allows you to create distinct user experiences for various user types, such as admins and vendors. With proper configuration of the Authenticate middleware and route grouping, you can ensure that users are seamlessly redirected to the appropriate pages based on their roles.

This setup is crucial for maintaining secure, role-based access in Laravel applications, enhancing both security and user experience. If you found this guide helpful, be sure to explore more Laravel features to further improve your application’s authentication flows!

Let me know if you need further adjustments or additions!