I am using Passport in Laravel for authenticating my users in APIs. I am able to authenticate different types of users from different tables and generate different tokens for them, but the routes are not protected. For example:
A user can access the routes like this

Route::group(['middleware'  =>  'auth:api'], function () {
    Route::group(['prefix'  =>  'v1'], function () {
        Route::get('get-seller-list','API\v1\SellersController@index');
    });
});

and a doctor can access the routes like

Route::group(['middleware'  =>  'auth:sellers'], function () {
    Route::group(['prefix'  =>  'v1'], function () {
        Route::get('get-seller-detail','API\v1\TestController@getDetails');
    });
});

but this middleware check doesn't seem to be working, as I can access all the routes for sellers even if I have passed the token generated for api in the Bearer header.

My config/auth.php looks like

'guards' => [
        'user' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'seller' => [
            'driver' => 'passport',
            'provider' => 'sellers',
        ],

        'admin' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],

        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

I think you have a problem in the middleware routes, so follow this article
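
Added example, not part of the original thread and not code from Passport itself: one way to make a route reject a token issued to a different user type is to give every token a scope named after its guard and check that scope in middleware. The class name EnsureTokenForGuard, the alias token.guard, and the setup shown in the opening comment are assumptions, as is issuing tokens with createToken() from Passport's HasApiTokens trait.

```php
<?php
// Added example: hypothetical file app/Http/Middleware/EnsureTokenForGuard.php
//
// Assumed setup (not shown on the page):
//   Passport::tokensCan(['user' => 'User API', 'seller' => 'Seller API']);
//   $token = $seller->createToken('seller-api', ['seller'])->accessToken;
//   // app/Http/Kernel.php, $routeMiddleware:
//   'token.guard' => \App\Http\Middleware\EnsureTokenForGuard::class,
//   // routes/api.php:
//   Route::group(['middleware' => 'token.guard:seller', 'prefix' => 'v1'], ...);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class EnsureTokenForGuard
{
    public function handle($request, Closure $next, $guard)
    {
        // The name must match a key under 'guards' in config/auth.php exactly
        // (the config above defines 'seller', not 'sellers'). Fail closed.
        if (! array_key_exists($guard, config('auth.guards', []))) {
            abort(500, "Auth guard [{$guard}] is not defined.");
        }

        // Resolve the bearer token through this guard only.
        $user = Auth::guard($guard)->user();
        if ($user === null) {
            abort(401, 'Unauthenticated.');
        }

        // tokenCan() comes from Passport's HasApiTokens trait; it is true only
        // if the presented token carries the scope (or the wildcard scope '*').
        if (! method_exists($user, 'tokenCan') || ! $user->tokenCan($guard)) {
            abort(403, 'Token was not issued for this user type.');
        }

        // Make $request->user() and Auth::user() use this guard downstream.
        Auth::shouldUse($guard);

        return $next($request);
    }
}
```

A token created with the 'user' scope then receives 403 on a token.guard:seller route even when its bearer header is otherwise valid.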
