Frontend Support

Gateway Session Guard

The gateway guard provides session-based authentication for frontend applications. It stores the JWT token in the session and refreshes it transparently when expired. User information and permissions are retrieved from the API gateway.

Configuration

Publish the configuration file if you haven't already:

php artisan vendor:publish --provider="Kroderdev\LaravelMicroserviceCore\Providers\MicroserviceServiceProvider" --tag=config

Edit config/microservice.php and adjust the gateway_guard section:

'gateway_guard' => [
    // Class used for the authenticated user
    'user_model'  => App\Models\User::class,

    // Load roles & permissions automatically using `client->me()`
    'load_access' => true,

    // Seconds to cache `client->me()` responses
    'me_cache_ttl' => 300,
],

The TTL is in seconds. If the JWT token includes an exp claim, the cache duration is capped so it never exceeds the token's remaining lifetime.

Configure a guard in config/auth.php:

'guards' => [
    'gateway' => [
        'driver'   => 'gateway',
        'provider' => 'users',
    ],
],

The provider should match the user_model above.

Usage

Use the guard like any other Laravel guard:

Auth::guard('gateway')->attempt($credentials);

The token is stored in the session and automatically refreshed when needed.

Maintained by @KroderDev

💬 Feedback? Open an issue
Last updated: July 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Frontend Support

Gateway Session Guard

Configuration

Usage

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally