1
votes

Just going to preface this question by saying that I'm diving back into Laravel after a while of not using it. It appears there are a lot of changes, and the current project in question is using A LOT of the baked-in "Laravel Ecosystem"... so I could be missing some context here.

The issue: After upgrading from Laravel 5.6 to 5.7, auth-guarded API routes are busting because of session expiry, even immediately after logging in (prompting logout).

The configuration:

/config/auth.php

    'guards' => ['api' => ['driver' => 'spark']]

/routes/api.php

    Route::group([
        'middleware' => 'auth:api'
    ], function () {
        // Routes in here are busting
    });

/app/Providers/SparkServiceProvider.php

    protected $usesApi = true; // yup

Additional info:

  • The site uses the Socialite plugin for managing user authentication
  • There are indeed spark_token's in the request
  • Vue client making the calls, getting status 401 Unauthorized on the next page load after successfully authenticating via login form
  • It was working perfectly fine before upgrading from Laravel 5.6 to 5.7

Any ideas? I've pored through the Laravel 5.7 release notes / upgrade guide, not finding any relevant info.

1
session expiry? API routes don't normally have sessions. - Devon

From the outset the application is telling me the session has expired, most likely a default reaction to unauthorized calls. - coleman-benjamin

@Meowts, perhaps the route being accessed is not within the "scope" of the token being issued? - TJ Weems

@TJWeems I wasn't aware of token scopes, apparently that's a thing, but I can't find any definitions to do with that. What throws me off is that it's not using Passport, and there's a lot of boilerplate to sift through. Might need a sledgehammer. - coleman-benjamin

@Meowts - did you find a solution for this? - LeigerGaming

1 Answer

0
votes

Found a solution that worked for me:

Add to app/Http/Middleware/EncryptCookies.php

    /**
     * Indicates if cookies should be serialized.
     * @var bool
     */
    protected static $serialize = false;

Then clear cookies from your browser, and retry logging in.