My routes in web.php are as below:
$router->post('apiToken', 'AuthController@getApiToken');
$router->group(['middleware' => 'auth:api'], function () use ($router) {
$router->get('users', 'UserController@index');
$router->post('users', 'UserController@store');
$router->get('users/{id}', 'UserController@show');
$router->put('users/{id}', 'UserController@update');
$router->delete('users/{id}', 'UserController@destroy');
});
When I access the route 'apiToken', it hits the AuthServiceProvider@viaRequest first. I don't understand why?
I figured it out. I was injecting a repository inside AuthController which was having \Auth::user() in the constructor. So \Auth::user() triggers the whole authenticate mechanism whether your route is using the Auth middleware or not. Hope it helps someone.