VenJwtGuard
Custom Guard reading the Bearer token from the incoming request and validating it locally via auth-php’s JwtValidator. Mirrors AUTH-PHP-LARAVEL-DESIGN §4.3.
Hot path:
- extract Bearer header
- AuthClient::validateBearer()
- on success: hydrate user via UserProvider (Pattern B) or build a VenAuthUser (Pattern A)
Tokens are accepted from the request only — refresh handling lives in VenAuth facade / explicit middleware. Keeping the Guard side-effect-free matches Laravel’s “stateless guard” expectation.
Methods
ensureFreshForCurrentRequest()
function ensureFreshForCurrentRequest(): RequestThe Auth manager caches the Guard instance across requests in long- lived processes (Octane, tests). Refresh resolved state whenever the incoming Authorization header changes so we don’t serve a stale principal to a different request.