Custom User Authentication Extension

failcookie - 1 month ago

I am setting up a custom authenticator using the AuthenticatorExtension method. I have a protected $provides = 'anomaly.module.users::authenticator.okta'; that references the extension default.extension.okta_authenticator, but I am not being passed through the auth - or at least my DD isn’t catching it through the dispatch.

Is the $provides not setup right? Or am I missing a key component to make sure it's included in the middle process?

On a somewhat related note, I am also trying to send users through an authenticate process in an API hit. I have my code setup like this.

$authenticator = new \Anomaly\UsersModule\User\UserAuthenticator(); $authenticator->attempt([ 'email' => $data['email'], 'password' => $data['password'] ]);

But I am receiving an error Type error: Too few arguments to function Anomaly\UsersModule\User\UserAuthenticator::__construct(), 0 passed in and exactly 4 expected. Is that not the right way to call the UserAuthenticator?

ryanthompson - 1 month ago

Is your extension installed? Make sure it's installed or it likely won't run :-P

I would method inject in your controller - but what controller are you extending? The ResourceController?

Awesome to see you diggin in! You'll have to blog about your adventures :-)

failcookie - 1 month ago

It's definitely installed. I am guessing it's because I wasn't running my attempts through the UserAuthenticator and was going through Laravel Auth instead. The admin login was successful in logging in without popping the UserAuthenticator, so I am guessing that maybe it ignores custom authenticators?

I have extended the PublicController do I need to be picky on which controllers I loop in?

ryanthompson - 1 month ago

Ah ya the user authenticator needs to be ran otherwise it's just native Laravel Guards that are run.

No public controller should be fine but I'd use the resource one since this is API and you don't want CSRF protection probably.

Sorry I misread your original post - make sure to resolve the authenticator out of the IoC with either method or class injection. It'll resolve those dependencies automatically.

failcookie - 1 month ago

That did the trick! Finally grabbing my custom authenticator. Was I correct on the reasoning for admin not hitting the authenticator?

Edit: Nope! Admin uses the auth I was just doing it wrong. Man these things are the bomb.