How Laravel 5.4 Uses Guards For Native Multi Authentication

Take a look inside:
/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php

Review the authenticate() method, which takes an array of guards.

protected function authenticate(array $guards)
    {
        if (empty($guards)) {
            return $this->auth->authenticate();
        }
        foreach ($guards as $guard) {
            if ($this->auth->guard($guard)->check()) {
                return $this->auth->shouldUse($guard);
            }
        }
        throw new AuthenticationException('Unauthenticated.', $guards);
    }

File above is: /vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php

Notice the foreach ($guards as $guard) which means every guard you pass to this must pass the check(), otherwise an AuthenticationException is thrown. TheAuthenticationException can be handled by editing your app/Exceptions/Handler.php file which contains an unauthenticated method.

Thus, you can pass multiple guards to your authentication checks provided you have set-up & defined these guards.

For example, you might have the following 'guards' defined in your config/auth.php file:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'customer' => [
        'driver' => 'session',
        'provider' => 'customer',
    ],

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],

To check against both these guards (to check Auth against multiple guard providers you can do something like this in your Controllers __construct() call (or directly on the method of your choice:

class customerController extends Controller
{

    public function __construct() {
      $this->middleware('auth:customer,web');
    }
... other controller methods...
}

So that would check that the request is coming from a session that has authenticated as both a standard 'web' user and a customer also.