Skip to content
rw3iss Auth

VenJwtGuard

class rw3iss\AuthServer\Laravel\VenJwtGuard src/VenJwtGuard.php ↗

Custom Guard reading the Bearer token from the incoming request and validating it locally via auth-php’s JwtValidator. Mirrors AUTH-PHP-LARAVEL-DESIGN §4.3.

Hot path:

  • extract Bearer header
  • AuthClient::validateBearer()
  • on success: hydrate user via UserProvider (Pattern B) or build a VenAuthUser (Pattern A)

Tokens are accepted from the request only — refresh handling lives in VenAuth facade / explicit middleware. Keeping the Guard side-effect-free matches Laravel’s “stateless guard” expectation.

Methods

ensureFreshForCurrentRequest()

function ensureFreshForCurrentRequest(): Request

The Auth manager caches the Guard instance across requests in long- lived processes (Octane, tests). Refresh resolved state whenever the incoming Authorization header changes so we don’t serve a stale principal to a different request.