user(); } catch (\InvalidArgumentException) { $sanctumUser = null; } if ($sanctumUser) { Auth::setUser($sanctumUser); if ($response = $this->denyUnavailableAccount($sanctumUser)) { return $response; } return $next($request); } try { if ($apiUser = Auth::guard('api')->user()) { Auth::setUser($apiUser); if ($response = $this->denyUnavailableAccount($apiUser)) { return $response; } return $next($request); } } catch (\Throwable) { } $token = $request->bearerToken(); if ($token) { try { $jwtUser = JWTAuth::setToken($token)->authenticate(); if ($jwtUser) { Auth::setUser($jwtUser); if ($response = $this->denyUnavailableAccount($jwtUser)) { return $response; } return $next($request); } } catch (JWTException $e) { } } return response()->json(['message' => 'Unauthorized.'], 401); } private function denyUnavailableAccount(object $user): ?Response { if (AccountAvailability::isAuthUnavailable($user)) { return response()->json(['message' => 'Account unavailable.'], 403); } return null; } }