laravel passport：请求user（）在auth：api中间件之外返回null，并返回用户对象内部(laravel passport: Request user() returning n

laravel passport：请求user（）在auth：api中间件之外返回null，并返回用户对象内部(laravel passport: Request user() returning null outside auth:api middleware, and inside returning user object)

当我使用auth：api中间件获取登录用户详细信息时，它会在我的控制器函数中返回包含详细信息的用户对象。

api.php (with auth:api middleware returns User object) Route::group(['middleware' => 'auth:api'], function() { Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails'); });

但是当我试图在此auth：api中间件之外登录用户详细信息时，它返回null。

api.php (without auth:api middleware return null) Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails');

When I am tring to get loggedin user details using auth:api middleware, it returns user object with details in my controller function.

api.php (with auth:api middleware returns User object) Route::group(['middleware' => 'auth:api'], function() { Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails'); });

But when I am trying to get loggedin user details outside this auth:api middleware, it returns null.

api.php (without auth:api middleware return null) Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails');

最满意答案

如果未提供auth中间件，或未指定防护，则使用默认防护来确定用户。 除非您在config/auth.php文件中更改了此项，否则默认防护是web防护。

因此，当您转到不受特定身份验证中间件保护的路由时，加载的用户是web防护提供的web 。

因此，即使您可能正在发送持有者令牌以使用特定用户， web守卫也不知道任何相关内容，并且由于您没有用户通过web防护登录，因此您将获得null用户。

你有四个选择：

确保路由受auth:api中间件保护，该中间件指定api防护。 但是，这不允许访客访问该网址。

在config/auth.php文件config/auth.php默认防护更改为api 。 这可能不是你想要做的，特别是如果你有普通的网络用户。

告诉你想要api后卫的用户请求。 $request->user()方法将一个guard作为参数，所以如果你执行$request->user('api') ，它将使用api guard检索用户。

直接从api guard获取用户： auth()->guard('api')->user() 。

When the auth middleware is not provided, or is provided without specifying the guard, the default guard is used to determine the user. Unless you have changed this in your config/auth.php file, the default guard is the web guard.

So, when you go to a route that is not protected by a specific auth middleware, the user that is loaded is the one provided by the web guard.

Therefore, even though you may be sending the bearer token to use a specific user, the web guard doesn't know anything about that, and since you have no user logged in via the web guard, you are getting a null user.

You've got four options:

Make sure the route is protected by the auth:api middleware, which specifies the api guard. This, however, will not allow guests to access the url.

Change your default guard to api in your config/auth.php file. This is probably not what you want to do, especially if you do have normal web users.

Tell the request you want the user from the api guard. The $request->user() method takes a guard as an argument, so if you do $request->user('api'), it will retrieve the user using the api guard.

Get the user from the api guard directly: auth()->guard('api')->user().