Search code examples
laravellaravel-5.6laravel-passport

Laravel 5.6 Passport Unauthenticated

I followed the Laravel official docs as well as the following article https://medium.com/techcompose/create-rest-api-in-laravel-with-authentication-using-passport-133a1678a876

Register works fine and return token Login works fine and return token But when I use it as following get Unauthenticated.

curl -X POST \
  http://api.local/api/details \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjY0YmE0ZTUxMzBhYWQwYzdmZWVkODRhYTZhNzI4YjE2YjE1NWJhYzA0YmQwMmIxYWZjMGU3NTVjYzk1Y2QwYzY3ZWMzNTRlNzA1MTg0YjY4In0.eyJhdWQiOiIxIiwianRpIjoiNjRiYTRlNTEzMGFhZDBjN2ZlZWQ4NGFhNmE3MjhiMTZiMTU1YmFjMDRiZDAyYjFhZmMwZTc1NWNjOTVjZDBjNjdlYzM1NGU3MDUxODRiNjgiLCJpYXQiOjE1Mzc4NzIxNjcsIm5iZiI6MTUzNzg3MjE2NywiZXhwIjoxNTY5NDA4MTY3LCJzdWIiOiIwIiwic2NvcGVzIjpbXX0.GHGKOiWm_8gr4Hib0ZtCq_FdQSDAntPl2zPIHkkTfTien1PHCoE79S7MdZRdEhjxt5Ds5E2JXhajfa9rDfiXHzKGtmzcRD_VYYxKnWupnhiMlJeHJsmXaWKLjYIw3InQYZtV_cYdcXlYWTDWcCOR1Xr7ezkYECz16oOumtgarPxVRZTHehpj4WiRDDgB4VTRZiRfsHYxMruh55wuT8OkbUAOalRaqwwxfplLYwdfTAcu4vUdwPfswu2_eZ6l1b_8Jd8Jsk5niXROQ7pIAL1oYX0V_HbNz9YkrlbiZN-w9FoM3fMZpYL7hcg1Jcocd7dGPUkcGaMOMjjcRuj5XAKEJOZbQlxs0n5wo4W3Sz11bnO4dRetTj9hyF97QDoaHFduPj4tnn6lItRbBGjQTGy_5qNlckhXxRYTlsYUZ6oNUUU2bUV_hBdklYRCtWgY1DY-Ds0DVhuujea9_u0w0swDwRh5VlV_gQaKEO0sEv-fzg_23UdPpfHgaG8-NHTYs5LsRSNS1iz4hpXuTjZzUOBsAk_k-V13wjeeXElLxy2PgN5s87IVJPEvDtd5F89PjzvaDHM5wsYwmUlnCnzBa8ZEtG8Wj62qBY_RooBmSNzWlT62SpJDbs25GaWOf8y7EtuICcuaOg7bMoGICKJc4GmkK_ltk-M7WieJD95InnWBJ-E'

returns

{
    "error": "Unauthenticated."
}

enter image description here enter image description here

Routes:

Route::post('login', 'API\UserController@login');
Route::post('register', 'API\UserController@register');
Route::group(['middleware' => 'auth:api'], function(){
    Route::post('details', 'API\UserController@details');
});

AuthServiceProvider:

public function boot()
{
    $this->registerPolicies();
    Passport::routes();
    Passport::tokensExpireIn(Carbon::now()->addYear(21));
    Passport::refreshTokensExpireIn(Carbon::now()->addYear(30));
}

config/auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'users',
    ],
],

Token: enter image description here

Any idea, why /details request is not being autgenticated event passing with valid token?

Solution

  • Everything there looks fine to me. The only thing I could suggest is that you need to add the following to your .htaccess rewrite rules (assuming you are using apache).

    # Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    For nginx you could try 

    proxy_set_header HTTP_AUTHORIZATION $http_authorization;

    Also, I just noticed that your oauth_access_tokens row does not contain a user id.

    Make sure your login has something along the lines of:

    if(Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
    $user = Auth::user();
    $token =  $user->createToken('MyApp')->accessToken;
    $status = 200;
}
else{
    $error = "Unauthorised";
    $status = 401;
}
return {your json response}