I’m utilizing Laravel 10 for my project, which incorporates multiple portals. To manage them effectively, I’ve integrated multiple guards and providers. Below is the setup for guards in my auth.php file.

'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
'guards' => [
        'manage' => [
            'driver' => 'session',
            'provider' => 'manage',//for admin
        ],
        'web' => [
            'driver' => 'session',
            'provider' => 'web', //for front student
        ],
        'api' => [
            'driver' => 'passport',
            'provider' => 'api', //api user
        ],
        'trainingcenter' => [ // New guard for training center
            'driver' => 'session',
            'provider' => 'trainingcenter',
        ],
        'instructor' => [ // New guard for instructors
            'driver' => 'session',
            'provider' => 'instructor', // Update with your provider for instructors
        ],
    ],
'providers' => [
        'web' => [
            'driver' => 'eloquent',
            'model' => AppModelsStudents::class,
        ],
        'manage' => [
            'driver' => 'eloquent',
            'model' => AppModelsManage::class,
        ],
        'trainingcenter' => [
            'driver' => 'eloquent',
            'model' => AppModelsTrainingCenter::class,
        ],
        'instructor' => [
            'driver' => 'eloquent',
            'model' => AppModelsInstructor::class,
        ],
        'api' => [
            'driver' => 'eloquent',
            'model' => AppModelsInstructor::class,
        ],
    ],

Here, two different guards api and instructor provider’s uses same model. below is my Instructor model code. where I have used HasApiTokens for passport

use LaravelPassportHasApiTokens;
class Instructor extends Authenticatable
{
    use HasApiTokens;

Now, in my login api controller I have below code

public function login(Request $request)
    {
        try {
            $credentials = $request->only('email', 'password');
            $user = Instructor::where('email',$credentials['email'])->first();
            if(!empty($user)) {
                if($user->status == 'disable') {// DISABLE
                    return $this->failure(trans('custom.error_account_disable'));
                }else if ($user->status != 'confirm') {// ACCOUNT NOT CONFIRMED
                    return $this->failure(trans('custom.error_account_pending'));
                }else {// SUCCESS LOGIN
                    $credentials = $request->only('email', 'password');
                    if (auth()->attempt($credentials)) {
                        $user = auth()->user();
                        $response_data = $user->toArray();
                        $response_data['accessToken'] = $user->createToken('authToken')->accessToken;
                        return $this->success($response_data, trans('custom.succ_login'));
                    }
                    return $this->failure(trans('custom.error_password_invalid'));
                }
            }
            return $this->failure(trans('custom.error_account_not_exists'),[],401);
        }catch (Exception $e) {
            return $this->failure(trans('custom.exception_error').$e->getMessage());
        }
    }

I’m experiencing a discrepancy where I can successfully log in to the Instructor Portal, which operates on a session-based authentication system, using the same credentials. However, when I attempt to use these identical credentials to access the login API, the authentication check via auth()->attempt($credentials) consistently returns false.

What am I missing here? For other guard’s login I am mentioning guard’s name but here in api I don’t have to still I tried auth()->guard(‘api’)->attempt($credentials) but no luck.

Can anyone help me with this?

I have reinstalled passport and regenerated keys, rechecked auth.php setup but it works with other guards except for api