I'm having some troubles with the authentication layer. No matter what I try, I can not use the laravel 4.2 basic auth functionality.
I protected my route in the constructor and this is the response after making a post request with postman:
{"message":"Invalid authentication credentials.","status_code":401}
I'm using 0.8.2
ortix
All 16 comments
Can you login using the same credentials with a simple Auth::attempt somewhere to make sure that you can successfully authenticate.
jasonlewis
on 8 Jan 2015
I can successfully authenticate using Auth::attempt().
If I try to access a protected route and if I try to access the corresponding URI from the browser it won't even try to authenticate, it will just fail whereas laravel's filter does ask for a password
ortix
on 11 Jan 2015
Hi @Ortix92,
I experienced the same thing. How does your webserver configuration look like? It might be that the authorization headers are not sent. I'm using Apache and had to add the following for this to work
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
stelgenhof
on 14 Jan 2015
I'm using nginx and php-fpm. The auth headers are sent when using the regular laravel basic auth. But as soon as dingo comes into play it breaks down. Weird..
ortix
on 18 Jan 2015
How do your routes look like?
stelgenhof
on 18 Jan 2015
Hi, I have the same problem, i am using dingo with jwt-auth. Always got:
{"message":"Failed to authenticate because of bad credentials or an invalid authorization header.","status_code":401}
Route:
Route::api(['version' => 'v1', 'after'=>'cors'], function() {
Route::group(['prefix' => 'account', 'protected' => true, 'providers' =>'jwt'], function() {
Route::post('/login', ['protected' => false, 'uses' => 'UserController@login']);
Route::get('/test_credentials', 'UserController@test_credentials');
});
});
And i added: Authorization: Bearer {token} in http header.
what i am doing here is
- login and get the token
- use the token to access a protected route.
it fails :(
ruanyl
on 19 Jan 2015
@ruanyl This might be the same issue as yours tymondesigns/jwt-auth#16
tymondesigns
on 19 Jan 2015
@tymondesigns Yeah! I got it solved :smile: Thank you for the information!
ruanyl
on 19 Jan 2015
Hi @Ortix92,
You might want to add the following to your .htaccess file:
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
As mentioned also by everybody here, the http headers are not set and the above will correct that.
Sacha
stelgenhof
on 19 Jan 2015
Sounds like this is resolved? I shall close it then. Cheers to all who helped.
jasonlewis
on 19 Jan 2015
It turned out to be this line in the config:
'auth' => [
'basic' => function ($app) {
return new Dingo\Api\Auth\BasicProvider($app['auth'], 'username'); // second parameter defaults to email.. i did not know that
},
],
I had no idea it was defaulting on email.. In the documentation it's inferred that the default value can be changed to, for example, email.
ortix
on 26 Jan 2015
Good to hear @Ortix92! I remember now I also changed that setting :)
stelgenhof
on 26 Jan 2015
'auth' => [
'jwt' => 'Dingo\Api\Auth\Provider\JWT'
],
result
NguyenTheSon
on 14 Apr 2016
It should add below to *.conf
<VirtualHost *:80>
...
...
# Fix authentication headers
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
...
</VirtualHost>
But add this to .htaccess don't work
feefk
on 7 Sep 2016
I did all ways that described but none of them does not work and when sent requests to protected endpoint 404 Not Found error occures
ahmadbadpey
on 22 Oct 2016
add this to your config/api.php
'auth' => [
'jwt' => 'Dingo\Api\Auth\Provider\JWT'
],
cpmichael
on 18 Nov 2017
Related issues
adrian-fjellberg
路
4Comments
MicroDroid
路
3Comments
jhayiwg
路
3Comments
dejan7
路
3Comments
sukh-gill
路
3Comments
Most helpful comment
Hi @Ortix92,
I experienced the same thing. How does your webserver configuration look like? It might be that the authorization headers are not sent. I'm using Apache and had to add the following for this to work