Error After Adding OTP about laravel-auth HOT 3 CLOSED

I ran into the same thing, i think the actual issue is in the laravel-auth-bladebones package:

https://github.com/claudiodekker/laravel-auth-bladebones/blob/master/templates/Controllers/Challenges/MultiFactorChallengeController.bladetmpl#L55-L64

Should be:

/**
* Handle an incoming multi-factor challenge confirmation request.
*
* {!! '@' !!}param  \Illuminate\Http\Request  $request
* {!! '@' !!}return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
*/
public function store(Request $request): JsonResponse|RedirectResponse
{
    return parent::store($request);
}

Or

/**
* Handle an incoming multi-factor challenge confirmation request.
*
* {!! '@' !!}param  \Illuminate\Http\Request  $request
* {!! '@' !!}return mixed
*/
public function store(Request $request): mixed
{
    return parent::store($request);
}

Or since its the blade driver, its better to remove the JsonResponse from the store and sendAuthenticatedResponse method completely and only return RedirectResponse? 🤔

Workaround for projects using the laravel-auth-bladebones package is to overwrite the store method in your app App\Http\Controllers\Auth\Challenges\MultiFactorChallengeController:

/**
 * Handle an incoming multi-factor challenge confirmation request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
 */
public function store(Request $request): JsonResponse|RedirectResponse
{
    return parent::store($request);
}

from laravel-auth.

I took a gamble on which repo to post the issue in... guess I picked the wrong one

from laravel-auth.

You're absolutely right, definitely an issue with the bladebones package!

To fix it for your app, you should be able to simply add the return type within your app, but I'll make sure to adjust this within the boilerplating once the "proper" laravel-auth-blade package is done (aimed for later this week)

Essentially, what's happening is that this part is providing a RedirectResponse return object:
https://github.com/claudiodekker/laravel-auth-bladebones/blob/master/templates/Controllers/Challenges/MultiFactorChallengeController.bladetmpl#L95-L97

    /**
     * Sends a response indicating that the user has been successfully authenticated.
     *
     * {!! '@' !!}param  \Illuminate\Http\Request  $request
     * {!! '@' !!}param  \Illuminate\Contracts\Auth\Authenticatable  $user
     * {!! '@' !!}param  string  $intendedUrl
     * {!! '@' !!}return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
     */
    protected function sendAuthenticatedResponse(Request $request, Authenticatable $user, string $intendedUrl): JsonResponse|RedirectResponse
    {
        Session::flash('status', __('laravel-auth::auth.success'));

+       if (! $request->wantsJson()) {
+           return redirect()->to($intendedUrl);
+       }

        return new JsonResponse([
            'redirect_url' => $intendedUrl,
        ], 200);
    }

Which is then returned back up the tree, and back up to the store method, which then throws an error due to mismatched return types.

The strict and less strict (yet both 100% valid and correct) fix to this is essentially what @bjrnblm suggested in the first part of their previous comment: Either add the RedirectResponse return type as a compound, or replace the return type with mixed (or remove it altogether if you don't really care about types).

from laravel-auth.