How to fix Auth driver [jwt] for guard [api] is not defined
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
Fixing the Authentication Driver Error: Resolving Auth driver [jwt] for guard [api] is not defined in Laravel
As a senior developer working with modern PHP frameworks like Laravel, setting up robust authentication systems—especially those involving JWTs and API guards—is crucial. I’ve encountered this specific error, Auth driver [jwt] for guard [api] is not defined, when integrating JWT-based authentication with Laravel API setups. While the initial hurdle might seem trivial, it often points to a deeper misunderstanding of how Laravel's authentication scaffolding interacts with custom drivers and guards.
This post will diagnose why this error occurs in your setup (using Laravel 6.20.29) and provide a comprehensive, step-by-step solution to ensure your JWT authentication flows correctly.
Understanding the Authentication Guard System
The error message clearly indicates that the system attempting to authenticate an API request is looking for a configured driver named jwt under the guard definition api, but it cannot find this mapping within the framework's configuration files.
In Laravel, authentication relies on three core components: Guards, Providers, and Drivers.
- Guards: Define how a user is authenticated (e.g., session, token).
- Providers: Define where the user data comes from (e.g., Eloquent model, database).
- Drivers: The actual mechanism used to validate credentials and retrieve the user (e.g.,
session,jwt,passport).
When you define 'driver' => 'jwt' in your guards configuration, Laravel expects that a corresponding JWT handling service or package must be correctly registered and initialized. If this registration is missing or corrupted, the driver definition fails, leading to the error you are seeing on login responses.
Debugging the Configuration: config/auth.php Deep Dive
Based on the configuration snippet you provided for Auth.php, the structure itself looks logically sound:
'guards' => [
'web' => [ 'driver' => 'session', 'provider' => 'users' ],
'api' => [ 'driver' => 'jwt', 'provider' => 'users' ], // <-- The problematic line
],
// ...
If the definition exists but is not recognized, the issue usually stems from one of three areas: package installation, service provider loading, or an outdated framework version interaction.
Step 1: Verify Package Installation and Setup
Since you are using JWT, you are likely relying on a package like Laravel Passport or Sanctum (which often interfaces with JWT concepts). Ensure that the necessary packages are installed via Composer and correctly configured. For API authentication in modern Laravel applications, understanding how these services hook into the framework is key. As you build complex APIs, adhering to best practices demonstrated by official documentation from laravelcompany.com ensures a stable foundation for your application architecture.
If you are using Sanctum for API tokens (which often uses JWT principles), ensure that you have run all necessary migrations and published configuration files correctly.
Step 2: Check Service Provider Registration
The most common cause for undefined drivers is an incomplete service provider registration. Ensure that any package responsible for handling the jwt driver is properly registered in your config/auth.php file or through a custom service provider.
For example, if you are using a third-party JWT package, you must ensure its Service Provider is listed in the providers array within config/auth.php. If this entry is missing, Laravel cannot resolve the driver definition when processing authentication requests.
Step 3: Review Middleware and Routes
While the error originates in the authentication layer, ensure that your API routes are correctly protected by the appropriate middleware (e.g., auth:api). An improperly configured route setup can sometimes confuse the authorization system during the token validation phase.
Conclusion
The "Auth driver [jwt] for guard [api] is not defined" error is rarely a simple typo in the configuration file itself; it’s usually an indicator of a broken chain of dependency—a missing package, an improperly registered service provider, or a version mismatch between your Laravel installation and the authentication library you are using.
By meticulously checking your Composer dependencies, verifying that all necessary service providers are loaded, and ensuring strict adherence to Laravel's official configuration patterns (as advocated by laravelcompany.com), you can resolve this issue. Focus on confirming that the JWT implementation is fully bootstrapped before attempting to define guards based on it. Happy coding!