two ways to authentication, based on session(cookie) or based on api(token)，so we have two guards (web & api in config/auth.php).
guards have a driver and a provider,actually it’s just like controller and model.
driver: the logic u handle authentication
model: where u store your user data
#how it works
At first ,we need an entrance, we need to define some route.that’s why laravel map the route in provider/RouteServiceProvider
in RouteServiceProvider we have added a list of middlewares and our custom route.
(Auth::routes() in web guard, https://stackoverflow.com/questions/39196968/laravel-5-3-new-authroutes)
(in api guard, we need to add auth:api in middleware if u need authentication. like this : Route::middleware(‘auth:api’)->group(…))
when u use Auth->attempt(), Auth->user() in your program, it’s actually interact from SessionGuard or TokenGuard.
(Auth alias AuthManager initialize a guard in the construction,and transfer the request to the guard)