Middleware-Based Authorization Guards
Guards define how users are authenticated for each request. The default 'web' guard uses sessions, while the 'api' guard uses tokens. You can create custom guards for admin panels, multi-auth systems, or different user types.
Authorization Guards
// config/auth.php — Guard configuration
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'sanctum',
        'provider' => 'users',
    ],
],

// Using guards
Auth::guard('web')->user(); // Current web user
Auth::guard('api')->user(); // Current API user

// Route middleware with guard
Route::middleware('auth:sanctum')->group(function () {
    // API routes authenticated via Sanctum tokens
});

Route::middleware('auth:web')->group(function () {
    // Web routes authenticated via sessions
});
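A feature test for the isolation that a custom guard is meant to provide, added here as an example and not part of the original page: a user logged in on 'web' must not pass `auth:admin`. The 'admin' guard, the 'admins' provider and the /admin/dashboard route are assumptions made for the example; `App\Models\User` and `Tests\TestCase` are the ones shipped in the default Laravel skeleton.

```php
<?php
// tests/Feature/AdminGuardTest.php
// Added example. The 'admin' guard, 'admins' provider and /admin/dashboard
// route are assumptions; App\Models\User and Tests\TestCase come from the
// default Laravel skeleton.
namespace Tests\Feature;

use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AdminGuardTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();
        // Same shape as the 'guards' array in config/auth.php, set at runtime
        // so the test needs no config change. The provider reuses User here;
        // an admin panel would normally point it at its own model.
        config([
            'auth.guards.admin' => ['driver' => 'session', 'provider' => 'admins'],
            'auth.providers.admins' => ['driver' => 'eloquent', 'model' => User::class],
        ]);
        Route::middleware(['web', 'auth:admin'])->get('/admin/dashboard', function () {
            return response()->json(['id' => Auth::guard('admin')->id()]);
        });
    }

    public function test_web_login_does_not_open_admin_routes(): void
    {
        $user = (new User())->forceFill(['id' => 1]); // constructed, never saved

        $this->actingAs($user, 'web')
            ->getJson('/admin/dashboard')
            ->assertUnauthorized(); // auth:admin ignores the 'web' guard's user

        $this->assertAuthenticated('web');
        $this->assertGuest('admin');
    }

    public function test_admin_guard_login_opens_admin_routes(): void
    {
        $admin = (new User())->forceFill(['id' => 7]); // constructed, never saved

        $this->actingAs($admin, 'admin')
            ->getJson('/admin/dashboard')
            ->assertOk()
            ->assertJson(['id' => 7]);
    }
}
```

Run it with `php artisan test --filter=AdminGuardTest`; the requests use `getJson` so an unauthenticated call returns 401 instead of redirecting to a login route.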
Tip
Practice Middleware-Based Authorization Guards in small, isolated examples before integrating them into larger projects. Breaking concepts into small experiments builds genuine understanding faster than reading alone.
Middleware = filters that run before/after your controller logic
Practice Task
Note
Practice Task: (1) Write a working example of Middleware-Based Authorization Guards from scratch without looking at notes. (2) Modify it to handle an edge case (empty input, null value, or error state). (3) Share your solution in the Priygop community for feedback.
Common Mistake
Warning
A common mistake with Middleware-Based Authorization Guards is skipping edge case testing: empty inputs, null values, and unexpected data types. Always validate boundary conditions to write robust, production-ready Laravel code.