User Authentication and Authorization on client side with no database

[mirzashahmir02]

my situation is written below
first app features: connected with my database login api returning auth user from database with roles and permissions and jwt token used spattie roles and permission package for user roles and permissionsin database

second app features: no database laravel based frontend and only api call using guzzleclient login frontend hitting api
i want to use blade directives in second app written below with code of both apps.
API APP LOGIN CONTROLLER:

public function login(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);
        $credentials = $request->only('email', 'password');

        $token = Auth::attempt($credentials);
        if (!$token) {
            return response()->json(["data" => [
                'status' => 'error',
                'message' => 'Invalid Email Or Password',
            ]], 401);
        }

        $user = Auth::user();
        // $user->getPermissionNames();
        // $user->getDirectPermissions();
        $user->getPermissionsViaRoles();
        $user->getRoleNames();
        $exp = auth()->factory()->getTTL() * 60;
        return response()->json([
            "data" => [
                'status' => 'success',
                'user' => $user,
                'authorization' => [
                    'token' => $token,
                    'type' => 'bearer',
                    'expiry_time' => $exp,
                ]
            ]
        ]);
    }

IN POSTMAN i get response like this

{
    "data": {
        "status": "success",
        "user": {
            "id": 1,
            "name": "Shahmir Mirza",
            "email": "[email protected]",
            "email_verified_at": null,
            "created_at": "2022-11-21T11:22:28.000000Z",
            "updated_at": "2022-11-21T11:22:28.000000Z",
            "roles": [
                {
                    "id": 1,
                    "name": "Super Admin",
                    "guard_name": "api",
                    "created_at": null,
                    "updated_at": null,
                    "pivot": {
                        "model_id": 1,
                        "role_id": 1,
                        "model_type": "App\Models\User"
                    },
                    "permissions": []
                },
                {
                    "id": 2,
                    "name": "Admin",
                    "guard_name": "api",
                    "created_at": null,
                    "updated_at": null,
                    "pivot": {
                        "model_id": 1,
                        "role_id": 2,
                        "model_type": "App\Models\User"
                    },
                    "permissions": []
                },
                {
                    "id": 3,
                    "name": "Agent",
                    "guard_name": "api",
                    "created_at": null,
                    "updated_at": null,
                    "pivot": {
                        "model_id": 1,
                        "role_id": 3,
                        "model_type": "App\Models\User"
                    },
                    "permissions": []
                }
            ]
        },
        "authorization": {
            "token": 																																																					 
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAvYXBpL2xvZ2luIiwiaWF0IjoxNjY5MjgyMTEwLCJleHAiOjE2NjkyODU3MTAsIm5iZiI6MTY2OTI4MjExMCwianRpIjoiTTZKTDJxRGh4RkFwSmg2NyIsInN1YiI6IjEiLCJwcnYiOiIyM2JkNWM4OTQ5ZjYwMGFkYjM5ZTcwMWM0MDA4NzJkYjdhNTk3NmY3In0.4602RIy527TW7PeEXFl9p1YlAZdpTrxEz0hMQiYpD2E",
            "type": "bearer",
            "expiry_time": 3600
        }
    }
}

then in my client side app i do the following

CLIENT SIDE APP LOGIN CONTROLLER:

public function login(Request $request)
    {
        $client = new Client();

        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        $headers = [
            'Accept' => 'application/json',
            'Content-Type' => 'application/json',
        ];

        $credentials = [
            'email' => $request['email'],
            'password' => $request['password']
        ];

        $body = json_encode($credentials);
       // hitting an api from here
            $authRequest = new GuzzleRequest('POST', 'http://127.0.0.1:8000/api/login', $headers, $body);
           // hitting an api
            $promise = $client->sendAsync($authRequest)->then(function ($response) {
                $myResponse = json_decode($response->getBody(), true);
                return $myResponse;
            }, function ($response) {
                $myResponse = $response->getResponse()->getBody();
                $err = json_decode($myResponse, true);
                return $err;
            })->wait();

            if (isset($promise['data']['status']) == 'success') {
			// here i am putting my response in a session and redirecting it to dashboard
                Session::put('auth_user', $promise);
            } elseif (($promise['data']['status']) == 'error') {
                return $promise;
            }
        
    }

my blade file of this client app :

@extends('layouts.app')

@push('title')
    Dashboard
@endpush

@section('main_sec')

// i want to use this following code instead of if else how can i use this
@role("Super Admin")
 {{ "YOU ARE SUPER ADMIN" }}
@elserole ("Admin")
{{ "You are admin" }}                    
@endrole

// i want to use this above code instead of if else how can i use this
@endsection

[parallels999]

Seems like duplicate of #2247
On client user model you have to put the roles relation collection manually

[mirzashahmir02]

bro i know how to set relations and this link is about to increase performance but my question is how to to use clients user model cuz i have no database in my clients app ..?

[mirzashahmir02]

bro dun be rude i know how to code and have the ability to learn the best may be i am not understanding what u guyz are saying or maybe u didnt understand my problem
https://stackoverflow.com/questions/47772317/how-to-use-permissions-with-laravel-api-and-calling-application
this is a link of stackoverflow of someone else with same prob as mine may be you can get what i am trying to say sorry for the english i am in a little hurry

[jose123v]

this link is about to increase performance

The same logic can be applied for many things and escenaries, not only for performance, you have to hidrate a collection from the session values, and use set relation on auth user with the collection, now you can do what you want
Personal Note: please stop using bro

[mirzashahmir02]

am i going on a right direction or wrong..?

what i changed in a code

public function login(Request $request)
    {
        $client = new Client();

        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        $headers = [
            'Accept' => 'application/json',
            'Content-Type' => 'application/json',
        ];

        $credentials = [
            'email' => $request['email'],
            'password' => $request['password']
        ];

        $body = json_encode($credentials);
       // hitting an api from here
            $authRequest = new GuzzleRequest('POST', 'http://127.0.0.1:8000/api/login', $headers, $body);
           // hitting an api
            $promise = $client->sendAsync($authRequest)->then(function ($response) {
                $myResponse = json_decode($response->getBody(), true);
                return $myResponse;
            }, function ($response) {
                $myResponse = $response->getResponse()->getBody();
                $err = json_decode($myResponse, true);
                return $err;
            })->wait();

            if (isset($promise['data']['status']) == 'success') {
		 $user = User::hydrate($promise['data']);
                 dd($user['user']);
            } elseif (($promise['data']['status']) == 'error') {
                return $promise;
            }
        
    }

and what i get when login.

after auth login when i am writing the following code

dd(auth()->check())

it is returning me True
but when i am using the same code in other url

Route::get('/model2', function(){
    dd(auth()->check());

});

it is returning me with false ..?
hydrated data is temporary..?
or am i missing something..
i think i am close

[erikn69]

Temporary on current call, you have to use middleware for hidrate on every call