2
votes

I have set up Laravel using Passport as per the documentation here: https://laravel.com/docs/5.3/passport

A few people have asked about this using the oAuth implementation but I'm trying to use the personal access tokens not oAuth. One suggestion was to remove the auth middleware but obviously this leaves the application wide open so anyone can make requests.

I have the following route (in routes/api.php):

Route::get('/test', function(){
    return 'returned string from test route';
})->middleware('auth:api');

This works if I remove the auth middleware, so the route is working correctly, but when enabling the auth middleware again I get the following error in Postman:

{"error":"Unauthenticated."}

These are the headers being sent via Postman:

GET /api/test HTTP/1.1
Host: localhost:8000
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImU4ZmY5MDMwY2EyM2E2MDYwODViN2Y3ZWNiMzcxNDY1MzQxNDViNTk4ODU4NmZhNDljYzU2YjMzYWZiNzhkYTk5OTIwZWMzYzEwNTBkNjZjIn0.eyJhdWQiOiIyIiwianRpIjoiZThmZjkwMzBjYTIzYTYwNjA4NWI3ZjdlY2IzNzE0NjUzNDE0NWI1OTg4NTg2ZmE0OWNjNTZiMzNhZmI3OGRhOTk5MjBlYzNjMTA1MGQ2NmMiLCJpYXQiOjE0NzU1MDMxNjUsIm5iZiI6MTQ3NTUwMzE2NSwiZXhwIjowLCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.IpzKK29dJCpliUXQvPRss87kGFngFcXXwV3jRwhbZOZLxl-4UV70cBsSigmqUuBsHQ4onVl_Cjcq6cEmMFvTZZr7D9AtY3EmScvMPjoFh4KQ3wgd5CoyWfcLQgoBxbElNxL0xW2fIQhpeQd_8Yz_Pr5BByGVTpxfg4JJZ4PzovvZsa2R3izYtqw6-qeurQOtsfOnot5uoLDeDDc76klifnfHfOcNZSoIFGNP3gIGKYBe6lfFuDViR_mQkwQS5_UmERt3GSkEvJjGMtwcRjWY7VPAJ4tvWLnyLw0roGU2e37L0wsqfJ8OrG0Cipv-anXAW_utSo-fiVMr8ZeAWIPguq73Zd44x95YY3nNPOKD5dVIRZM7rQgdhjIwTEz1ggtSXLp-Fu3QOtXaHUahCHvjOTdiTYEa-GR4TZ5wGzt-aRhjdBB7WTe0C6T9ZWVwQr0kJk8AxW6ne87wwJYp_shGunTclZ3SCq5VYg2K_MclbJl65-dT8x-nwqg0lqfNx9s1wmtryrMFIPoBEyaGNEK1aWGHKq418-BIQ1_UAhcHHtEXclWvsGWwhyo3aso-E-sCN2o_IkYvSboIsdFAIXvDvQmoAwis6f1J57zWH8AW1ynCFcBgzBDjIyiaCE5nqtb_4zbEXr8L1EbcllbtZkq3vd9w996kO7xlpBEWwPY8IWg
Accept: application/json
Cache-Control: no-cache
Postman-Token: 6bc483b2-23df-acce-7eef-5a443f8f5d45
4
I have the same problem. Cannot understand why :( - baxri
@ba me too, still happening May 11 2017 - Rabb-bit
@Rabb-bit are you using a 32-bit version of PHP? If so, that's your problem... well, the 2038 problem en.wikipedia.org/wiki/Year_2038_problem. Either upgrade to a 64-bit version of PHP or change the token expiry to something less than 2038 (currently it's + 100 years from today's date) - twigg

4 Answers

2
votes
  • Firstly, NEVER modify the vendor files unless you have a fully legitimate reason for doing so and there's a feature you wish to see implemented or a bug you've discovered and fixed in the package you're using.

  • Expiration time on the JWT might be already set to expire as soon as it's made. Here's a link you can use to check the "ttl" (Time To Live) field of your access tokens:

https://jwt.io/

If you find that your tokens are expiring on creation, you can go to your app\providers\AuthServiceProvider.php class and add in these methods on use of Passport Class:

use Carbon\Carbon;
use Laravel\Passport\Passport;
// ...

class AuthServiceProvider extends ServiceProvider {
    // ...

    public function boot() {
        $this->registerPolicies();
        Passport::routes();
        Passport::tokensExpireIn(Carbon::now()->addYears(20)); // You can also use addDays(10)
        Passport::refreshTokensExpireIn(Carbon::now()->addYears(20)); // You can also use addDays(10)
        Passport::pruneRevokedTokens(); // basic garbage collector
    }
}
  • Make sure you're using the most recent version of Passport. Currently I'm on version 1.0.8, but I might already be out of date as they and the community are constantly pushing new revisions every few weeks.

Here are links to some related issues regarding this problem. You might be able to locate your answer within one of the links below, if what's mentioned above isn't what you're looking for.

Passport - "Unauthenticated." - Laravel 5.3

Very Detailed

https://github.com/laravel/passport/issues/151

0
votes

In passport.php there are two functions:

public static function tokensExpireIn(DateTimeInterface $date = null)
{
    if (is_null($date)) {
        return static::$tokensExpireAt
                        ? Carbon::now()->diff(static::$tokensExpireAt)
                        : new DateInterval('P100Y');
    } else {
        static::$tokensExpireAt = $date;
    }

    return new static;
}

/**
 * Get or set when refresh tokens expire.
 *
 * @param  \DateTimeInterface|null  $date
 * @return \DateInterval|static
 */
public static function refreshTokensExpireIn(DateTimeInterface $date = null)
{
    if (is_null($date)) {
        return static::$refreshTokensExpireAt
                        ? Carbon::now()->diff(static::$refreshTokensExpireAt)
                        : new DateInterval('P100Y');
    } else {
        static::$refreshTokensExpireAt = $date;
    }

    return new static;
}

You must change P100Y to P1Y. Also, in PassportserviceProvider.php at line 101 there is this code:

$server->enableGrantType(
    new PersonalAccessGrant, new DateInterval('P100Y')
);

Change P100Y to P1Y. Hope it helps you :)
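
The expiry check suggested in the first answer, and the P100Y versus P1Y lifetimes discussed in this answer and in the comments on the question, can be reproduced locally. This PHP script is an added example, not code from the posts or from Passport; `diagnoseToken` and `lifetimeFitsInt32` are hypothetical helper names, and the sample token and its claim values are constructed.

```php
<?php
// Added example: read a JWT's time claims without verifying the signature (diagnosis only).
const INT32_MAX = 2147483647; // 2038-01-19 03:14:07 UTC

function b64urlDecode(string $s): string
{
    $s = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return (string) base64_decode(strtr($s, '-_', '+/'));
}

/** Return the problems found in the token's time claims (empty array = none). */
function diagnoseToken(string $jwt, int $now): array
{
    $parts = explode('.', trim($jwt));
    if (count($parts) !== 3) {
        return ['not three dot-separated segments'];
    }
    $claims = json_decode(b64urlDecode($parts[1]), true);
    if (!is_array($claims)) {
        return ['payload is not base64url-encoded JSON'];
    }
    $problems = [];
    if (!isset($claims['exp'])) {
        $problems[] = 'no exp claim';
    } elseif (isset($claims['iat']) && $claims['exp'] <= $claims['iat']) {
        $problems[] = 'exp is not after iat: token was expired when issued';
    } elseif ($claims['exp'] <= $now) {
        $problems[] = 'token has expired';
    }
    if (isset($claims['nbf']) && $claims['nbf'] > $now) {
        $problems[] = 'nbf is in the future';
    }
    return $problems;
}

/** Does $issuedAt plus an ISO 8601 lifetime still fit a signed 32-bit timestamp? */
function lifetimeFitsInt32(string $spec, int $issuedAt): bool
{
    $expiry = (new DateTimeImmutable('@' . $issuedAt))->add(new DateInterval($spec));
    return (float) $expiry->format('U') <= INT32_MAX;
}

// Constructed sample token (unsigned); the claim values are assumptions for the demo.
$enc = function (array $a): string {
    return rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
};
$claims = ['iat' => 1475503165, 'nbf' => 1475503165, 'exp' => 0, 'sub' => '1', 'scopes' => []];
$sample = $enc(['typ' => 'JWT', 'alg' => 'RS256']) . '.' . $enc($claims) . '.constructed';
print_r(diagnoseToken($sample, time()));
var_dump(lifetimeFitsInt32('P100Y', 1475503165), lifetimeFitsInt32('P1Y', 1475503165));
```

The script only reads claims; it does not validate the signature, so it is a debugging aid and not a substitute for the `auth:api` guard.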

0
votes

Please check if the token was copied properly, i always observed when i copy the personal tokens, in the last there is a word 'Close' copied also. eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImU4ZmY5MDMwY2EyM2E2MDYwODViN2Y3ZWNiMzcxNDY1MzQxNDViNTk4ODU4NmZhNDljYzU2YjMzYWZiNzhkYTk5OTIwZWMzYzEwNTBkNjZjIn0.eyJhdWQiOiIyIiwianRpIjoiZThmZjkwMzBjYTIzYTYwNjA4NWI3ZjdlY2IzNzE0NjUzNDE0NWI1OTg4NTg2ZmE0OWNjNTZiMzNhZmI3OGRhOTk5MjBlYzNjMTA1MGQ2NmMiLCJpYXQiOjE0NzU1MDMxNjUsIm5iZiI6MTQ3NTUwMzE2NSwiZXhwIjowLCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.IpzKK29dJCpliUXQvPRss87kGFngFcXXwV3jRwhbZOZLxl-4UV70cBsSigmqUuBsHQ4onVl_Cjcq6cEmMFvTZZr7D9AtY3EmScvMPjoFh4KQ3wgd5CoyWfcLQgoBxbElNxL0xW2fIQhpeQd_8Yz_Pr5BByGVTpxfg4JJZ4PzovvZsa2R3izYtqw6-qeurQOtsfOnot5uoLDeDDc76klifnfHfOcNZSoIFGNP3gIGKYBe6lfFuDViR_mQkwQS5_UmERt3GSkEvJjGMtwcRjWY7VPAJ4tvWLnyLw0roGU2e37L0wsqfJ8OrG0Cipv-anXAW_utSo-fiVMr8ZeAWIPguq73Zd44x95YY3nNPOKD5dVIRZM7rQgdhjIwTEz1ggtSXLp-Fu3QOtXaHUahCHvjOTdiTYEa-GR4TZ5wGzt-aRhjdBB7WTe0C6T9ZWVwQr0kJk8AxW6ne87wwJYp_shGunTclZ3SCq5VYg2K_MclbJl65-dT8x-nwqg0lqfNx9s1wmtryrMFIPoBEyaGNEK1aWGHKq418-BIQ1_UAhcHHtEXclWvsGWwhyo3aso-E-sCN2o_IkYvSboIsdFAIXvDvQmoAwis6f1J57zWH8AW1ynCFcBgzBDjIyiaCE5nqtb_4zbEXr8L1EbcllbtZkq3vd9w996kO7xlpBEWwPY8IWg Copy

If this is not your case, check if that token exists, or generate a new one. You can use this format to protect a route like this:

Route::middleware('auth:api')->get('/home', function(){
    return 'test';
});
0
votes

I had this problem ... two hours down the pan. Something very strange was happening and in my case I think Postman was the culprit.

Inspect the received header to rule it out:

Route::get('/test', function(){
    dd( Request::header());
})/*->middleware('auth:api')*/; //disable auth middleware to inspect header

This is the strange thing I found:

.........
"authorization" => array:1 [
    0 => b"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJ ................

What the hell was the 'b' before Bearer ACCESS_TOKEN??? I typed it out again and it disappeared and auth middleware started working.

Inspect the header exactly and then add the middleware back. This might just be the cause!
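
The last two answers both come down to the Authorization header carrying something other than a clean token (extra copied text, unexpected bytes). The following PHP check is an added example, not code from the posts or from Passport; `checkBearerHeader` is a hypothetical helper name and the header values are constructed, with `aaa.bbb.ccc` standing in for a real token.

```php
<?php
// Added example: validate the raw Authorization header value before blaming the guard.

/** Return the problems found in an Authorization header value (empty array = well formed). */
function checkBearerHeader(string $value): array
{
    $problems = [];
    if ($value !== trim($value)) {
        $problems[] = 'leading or trailing whitespace';
    }
    // Byte-wise match: anything outside printable ASCII (BOM, control bytes, stray UTF-8).
    if (preg_match('/[^\x20-\x7E]/', $value)) {
        $problems[] = 'contains non-printable or non-ASCII bytes';
    }
    if (strpos($value, 'Bearer ') !== 0) {
        $problems[] = 'does not start with "Bearer "';
        return $problems;
    }
    $token = substr($value, 7);
    // A JWT is exactly three base64url segments joined by dots, nothing else.
    if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/', $token)) {
        $problems[] = 'token is not three base64url segments (stray text copied with it?)';
    }
    return $problems;
}

// Constructed samples covering a clean header and three malformed ones.
$samples = [
    'Bearer aaa.bbb.ccc',
    'Bearer aaa.bbb.ccc Copy',
    "\xEF\xBB\xBFBearer aaa.bbb.ccc",
    'aaa.bbb.ccc',
];
foreach ($samples as $s) {
    printf("%-34s %s\n", json_encode($s), implode('; ', checkBearerHeader($s)) ?: 'ok');
}
```

Text pasted directly onto the end of the token with no separator still matches the base64url pattern, so that case only shows up when the signature fails to verify.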