Calling the right guard in middleware for Multi-auth system

Question

I am adding a custom authentication system via guards , models and providers.

After trying to read some documentation and articles, I am bit confused about the different way of invoking guards and middleware

Question 1: So, if I want to invoke (default) authentication in a particular route (as defined in auth.php as "default => [ 'guard' => 'web' ... , is it 'middleware' => ['auth']] Does this mean the default auth ? Or the middleware "auth" - which is included in the Kernel.php as below

protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class,

if i want the default auth as defined in "web" of config/auth.php should it be 'middleware' => ['auth']] or 'middleware' => ['web']] or 'middleware' => ['auth:web']]

Question 2: Now there is a middleware group called "web" which has useful things like StartSession, EncryptCookies, CSRF Protection, - so if I have a custom guard "abcguard" - is session management, cookie encryption done through some mechanism or I should explicitly add that middleware "web" in my routes /route-group?

Question 3: what if I have a custom guard called "abcguard" defined in auth.php as such and I have a middleware group called abcguard (just for illustration purpose) -- how do I make sure that that a route dashboard is available after the abcguard authentication and passing though middleware abcguard

Is this the right way? 'middleware' => ['auth:abcguard', abcguard]]

How does Laravel know which one is authentication and which one is just a middleware? Or is "guard" just a name for another middleware - the only specific behaviour is that a guard determines how users are authenticated and a middleware might just check if an user is authenticated?

Q4 - In the statement below, how does laravel find out which abcguard is a guard and which is a middlewar group? 'middleware' => ['auth:abcguard', abcguard]]

Answer 1

1. First, you seem to confuse web middleware group (defined in Kernel) with web guard (authentication mechanism using session) for auth middleware, and they are even not related TBH. Guard is used to authenticate users, and middleware group just holds different middlewares for your web routes. If in your auth.php config, you have default guard web, the 'middleware' => 'auth' will end up using web guard. In case you want to use other guard, you will need to use 'middleware' => 'auth:other_guard'

2. Again, web middleware group only holds middlewares for ALL of your web routes. You should not add auth to all of them, for sure.

3. The right way will be 'middleware' => ['auth:abcguard', 'abcguard'], yea. In this case, you have auth middleware using abcguard guard and abcguard middleware group.

4. When you write auth:abcguard you are calling auth middleware and passing abcguard as argument to it's handle function. Same if it was web - default session guard, or api - default auth token, or sanctum - sanctum's session cookie. Middleware groups are defined in your App\Http\Kernel::class. In case you have abcguard middleware group there, you will be using all middlewares defined in that group.