Laravel 5.3 + Passport: always unauthenticated error

1
votes

I'm always receiving "Unauthenticated error" when using Passport in my current project. That's what I did the lasts 3 days:

  • Install and configure Passport (as docs says)
  • Request a token (password grant token) with Postman
  • Request a protected route (auth:api middleware) with the token
  • Get `{ "error": "Unauthenticated." }`
  • Search and search and research
  • Get `{ "error": "Unauthenticated." }`

Then, I've installed a fresh L5.3 and a fresh DB and works fine. Even with my current DB!

I've tried all the solutions that I found without success ...

Can anyone help me? Any idea would be appreciated.

Thanks.

3
laravel-5.3laravel-passport
i guess you send token as authorization parameter in header according to documents about OAuth , but apache block this parameter and passport middleware cant authenticate your request, change authentication name to other thing such as token or key or everything except authorization. be successfulatf.sgf

3 Answers

3
votes

I had the same problem as you and looked everywhere to find a solution.

It appeared to be Apache's fault in my case. Apache was deleting the header "Authorization: Bearer TOKEN_HERE" so the auth:api wouldn't work as expected (getting 401 unauthorized).

We ended up trying adding to our .htaccess:

RewriteCond %{HTTP:Authorization} ^(.*)

RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

And it magically worked.

I really hope it helps, we spent a whole day trying many solutions, this is the one that worked for us.

1
votes

Which grant_type have you used to generate this token?

Possible resolutions are as follows

1: If you are using client credentials to generate your access_token, you have to turn on client_credentials, middleware as follows.

1.1 Add to the routeMiddleware in \App\Http\Kernel.php

'client_credentials'     => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,

1.2 Use 'client_credentials' middleware in your route too.

Route::group(['prefix' => 'v1','middleware' => 'client_credentials'], function () {

    // Your routes here

});

2: For Grant Type Password

2.1 : Create a Password Grant Client

php artisan passport:client --password

2.2 : Request A token with following header fields

    'grant_type' => 'password',
    'client_id' => 'client-id',
    'client_secret' => 'client-secret',
    'username' => 'taylor@laravel.com',
    'password' => 'my-password',

End point /oauth/token

The token you get now should give you access to your api.

1
votes

My problem was an omision, I'm building a GraphQL api and in the middleware line at the configuration file "graphql.php" I put 

'middleware' => ['auth'],

when the correct way is:

'middleware' => ['auth:api'],