Laravel: How to authenticate users without DB

Create your own Guard ignoring UserProvider interface. I adopted it in my project and it's working well.

PinGuard.php

<?phpdeclare(strict_types=1);namespace App\Auth\Guards;use App\User;use Illuminate\Auth\AuthenticationException;use Illuminate\Contracts\Auth\Authenticatable;use Illuminate\Contracts\Auth\Guard;use Illuminate\Http\Request;/** * Class PinGuard */class PinGuard implements Guard{    /**     * @var null|Authenticatable|User     */    protected $user;    /**     * @var Request     */    protected $request;    /**     * OpenAPIGuard constructor.     *     * @param Request $request     */    public function __construct(Request $request)    {        $this->request = $request;    }    /**     * Check whether user is logged in.     *     * @return bool     */    public function check(): bool    {        return (bool)$this->user();    }    /**     * Check whether user is not logged in.     *     * @return bool     */    public function guest(): bool    {        return !$this->check();    }    /**     * Return user id or null.     *     * @return null|int     */    public function id(): ?int    {        $user = $this->user();        return $user->id ?? null;    }    /**     * Manually set user as logged in.     *      * @param  null|\App\User|\Illuminate\Contracts\Auth\Authenticatable $user     * @return $this     */    public function setUser(?Authenticatable $user): self    {        $this->user = $user;        return $this;    }    /**     * @param  array $credentials     * @return bool     */    public function validate(array $credentials = []): bool    {        throw new \BadMethodCallException('Unexpected method call');    }    /**     * Return user or throw AuthenticationException.     *     * @throws AuthenticationException     * @return \App\User     */    public function authenticate(): User    {        $user = $this->user();        if ($user instanceof User) {            return $user;        }        throw new AuthenticationException();    }    /**     * Return cached user or newly authenticate user.     *     * @return null|\App\User|\Illuminate\Contracts\Auth\Authenticatable     */    public function user(): ?User    {        return $this->user ?: $this->signInWithPin();    }    /**     * Sign in using requested PIN.     *     * @return null|User     */    protected function signInWithPin(): ?User    {        // Implement your logic here        // Return User on success, or return null on failure    }    /**     * Logout user.     */    public function logout(): void    {        if ($this->user) {            $this->setUser(null);        }    }}

NoRememberTokenAuthenticatable.php

User should mixin this trait.

<?phpdeclare(strict_types=1);namespace App\Auth;use Illuminate\Database\Eloquent\Model;/** * Trait NoRememberTokenAuthenticatable * * @mixin Model */trait NoRememberTokenAuthenticatable{    /**     * Get the name of the unique identifier for the user.     *     * @return string     */    public function getAuthIdentifierName()    {        return 'id';    }    /**     * Get the unique identifier for the user.     *     * @return mixed     */    public function getAuthIdentifier()    {        return $this->id;    }    /**     * Get the password for the user.     *     * @return string     * @codeCoverageIgnore     */    public function getAuthPassword()    {        throw new \BadMethodCallException('Unexpected method call');    }    /**     * Get the token value for the "remember me" session.     *     * @return string     * @codeCoverageIgnore     */    public function getRememberToken()    {        throw new \BadMethodCallException('Unexpected method call');    }    /**     * Set the token value for the "remember me" session.     *     * @param string $value     * @codeCoverageIgnore     */    public function setRememberToken($value)    {        throw new \BadMethodCallException('Unexpected method call');    }    /**     * Get the column name for the "remember me" token.     *     * @return string     * @codeCoverageIgnore     */    public function getRememberTokenName()    {        throw new \BadMethodCallException('Unexpected method call');    }}

AuthServiceProvider.php

<?phpdeclare(strict_types=1);namespace App\Providers;use App\Auth\Guards\PinGuard;use Illuminate\Container\Container;use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;use Illuminate\Support\Facades\Auth;class AuthServiceProvider extends ServiceProvider{    /**     * The policy mappings for the application.     *     * @var array     */    protected $policies = [];    /**     * Register any authentication / authorization services.     */    public function boot()    {        Auth::extend('pin', function (Container $app) {            return new PinGuard($app['request']);        });        $this->registerPolicies();    }}

config/auth.php

You should comment out most of them.

return [    /*    |--------------------------------------------------------------------------    | Authentication Defaults    |--------------------------------------------------------------------------    |    | This option controls the default authentication "guard" and password    | reset options for your application. You may change these defaults    | as required, but they're a perfect start for most applications.    |    */    'defaults' => [        'guard' => 'web',        // 'passwords' => 'users',    ],    /*    |--------------------------------------------------------------------------    | Authentication Guards    |--------------------------------------------------------------------------    |    | Next, you may define every authentication guard for your application.    | Of course, a great default configuration has been defined for you    | here which uses session storage and the Eloquent user provider.    |    | All authentication drivers have a user provider. This defines how the    | users are actually retrieved out of your database or other storage    | mechanisms used by this application to persist your user's data.    |    | Supported: "session", "token"    |    */    'guards' => [        'web' => [            'driver' => 'pin',        ],        // 'api' => [        //     'driver' => 'session',        //     'provider' => 'users',        // ],        // 'web' => [        //     'driver' => 'session',        //     'provider' => 'users',        // ],    ],    /*    |--------------------------------------------------------------------------    | User Providers    |--------------------------------------------------------------------------    |    | All authentication drivers have a user provider. This defines how the    | users are actually retrieved out of your database or other storage    | mechanisms used by this application to persist your user's data.    |    | If you have multiple user tables or models you may configure multiple    | sources which represent each model / table. These sources may then    | be assigned to any extra authentication guards you have defined.    |    | Supported: "database", "eloquent"    |    */    'providers' => [        // 'users' => [        //     'driver' => 'eloquent',        //     'model' => App\User::class,        // ],        // 'users' => [        //     'driver' => 'database',        //     'table' => 'users',        // ],    ],    /*    |--------------------------------------------------------------------------    | Resetting Passwords    |--------------------------------------------------------------------------    |    | You may specify multiple password reset configurations if you have more    | than one user table or model in the application and you want to have    | separate password reset settings based on the specific user types.    |    | The expire time is the number of minutes that the reset token should be    | considered valid. This security feature keeps tokens short-lived so    | they have less time to be guessed. You may change this as needed.    |    */    // 'passwords' => [    //     'users' => [    //         'provider' => 'users',    //         'table' => 'password_resets',    //         'expire' => 60,    //     ],    // ],];

Thank you all, but there was a much simpler solution... which is to use session().

In the controller,

public function login(Request $request){    if ($request->input('pin') === env('PIN')) {        $request->session()->put('authenticated', time());        return redirect()->intended('success');    }    return view('auth.login', [        'message' => 'Provided PIN is invalid. ',    ]);    //Or, you can throw an exception here.}

The route looks like,

Route::group(['middleware' => ['web', 'custom_auth']], function () {    Route::get('/success', 'Controller@success')->name('success');});

The custom_auth will looke like,

public function handle($request, Closure $next){    if (!empty(session('authenticated'))) {        $request->session()->put('authenticated', time());        return $next($request);    }    return redirect('/login');}

Hope this will help someone.

If you know who the user is (IE: have a $user instance already), you can simply login without using any guards as shown in the documentation

Auth::login($user);

I would pass in a User instance instead of $email/$password to your function

$user = User::whereEmail($email)->first();$class->login($user);

and then in your class

public static function Login(User $user) {// ... if(substr ( $result, 0, 3 ) == '+OK')    Auth::login($user);    return true; //user will be logged in and then redirect else    return false; }