Skip to content
Vendidit Auth

VenJwtGuard

class Vendidit\AuthServer\Laravel\VenJwtGuard Source: src/VenJwtGuard.php

Custom Guard reading the Bearer token from the incoming request and validating it locally via auth-php’s JwtValidator. Mirrors AUTH-PHP-LARAVEL-DESIGN §4.3.

Hot path:

  • extract Bearer header
  • AuthClient::validateBearer()
  • on success: hydrate user via UserProvider (Pattern B) or build a VenAuthUser (Pattern A)

Tokens are accepted from the request only — refresh handling lives in VenAuth facade / explicit middleware. Keeping the Guard side-effect-free matches Laravel’s “stateless guard” expectation.