I ran into the same issue. It turns out apache removes the authorization header by default. (A little ridiculous in my opinion). By dropping the following in your .htaccess file in your public folder fixes the issue:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Thank you! I had it in my .htaccess file for the app root directory but not the public directory. That fixed everything. Great work on this!!!

No problem. Glad that fixed it for you. I use Apache on my local dev environment and Nginx in production. Nginx does not remove the header so there is no need for extra configuration. This might be something nice to add to the installation wiki to prevent someone from running into the same issue.

Glad you sorted it.. I will b looking at the whole request parsing system soon, as I think it needs tightening up a bit.

Thanks

I added
RewriteCond %{HTTP:Authorization} ^(._)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]
into my .htaccess in public, but
token not provided still

IvanKalinin, I think you're missing some asterisks

tried the answer by @donald-slagle. It worked ! Thanks a lot :)

@donald-slagle saved my day :+1:

RewriteCond %{HTTP:Authorization} ^(._)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]
put this into my project .htaccess but still "token_not_provided" :(

@Hammad51 Did you put it in the .htaccess in your public directory?

yes, i did..
here is my .htaccess
Options +FollowSymLinks
RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteCond %{HTTP:Authorization} ^(._)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]

Try putting it as the first thing. I don't know if that will help, but that's how mine is and it works:

Rewrite

Options -MultiViews

RewriteEngine On

# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Fix authentication headers
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

still {"error":"token_not_provided"}

I'm 99% sure it's not a bug since I have this used in about 10 different Laravel apps, of all versions, and it works great. Did you check the request to make sure it includes the header when the browser makes it?

This is my request header
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,_/_;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ms;q=0.6,ur;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:_ga=GA1.1.1250682879.1451633371
Host:localhost
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

There's no auth in that request header.

You'll need to add the Authorization: Bearer {{key}}

have a look at my routes.php
$api->group([
'version' => 'v1',
'namespace' => 'App\Http\Controllers\api',
'middleware' => 'jwt.auth',
], function($api){
$api->get('users', ['uses' => 'UsersController@getUsers']);
$api->get('/user/{id}', ['uses' => 'UsersController@getUser', 'as' => 'singleUser']);
$api->post('/user', ['uses' => 'UsersController@saveUser', 'as' => 'saveUser']);
$api->put('/user/{id}', ['uses' => 'UsersController@updateUser', 'as' => 'updateUser']);
$api->delete('/user/{id}', ['uses' => 'UsersController@deleteUser', 'as' => 'deleteUser']);
});

I don't think you understand how this works. Please re-read the tutorial. What you're looking for in your headers (in Postman or Chrome when actually testing) is the Authorization header:

Accept:application/json, text/plain, _/_
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8,de;q=0.6,es;q=0.4,pt;q=0.2
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjEsImlzcyI6Imh0dHBzOlwvXC93d3cubWF0dGJsdW1waG90b2dyYXBoeS5jb21cL2FwaVwvdjFcL2F1dGhlbnRpY2F0ZSIsImlhdCI6IjE0NTI3MDI3ODMiLCJleHAiOiIxNDU2MzAyNzgzIiwibmJmIjoiMTQ1MjcwMjc4MyIsImp0aSI6ImFlNzgxYjVhMTcwMTMxZmU3NmFlZTg4OWY4ZGY5NmVlIn0.H0XDsZATgFf3BmTnUh9f7yRVN0VpQLNrG35YqcQ7IPY
Cache-Control:no-cache
Connection:keep-alive
Content-Length:817
Content-Type:application/json;charset=UTF-8

hmm thank you for your kind response.. but i don't know how to include this into headers.
i configured jwt with my lumen by following this tutorial but something is wrong with headers http://laravelista.com/json-web-token-authentication-for-lumen/

Ok not to be a jerk, but then that's why it won't work. Learn how to do that and then it will work :)

Thank you very much for your prompt replies, really appreciated.
I'm going to take a look at jwt again.

It's right there in the name: Javascript Web Token. You have to use JS to put the header in. We use Angular but any JS will work, you just have to learn how to do it for whichever framework you're using. Good luck.

Hello again, i get it working.. i'm sending my generated token to get response from protected routes but all i get in response is
{
"error": "user_not_found"
}
This is how i'm generating token
$user = Auth::user();
return $token = JWTAuth::fromUser($user);
any thoughts why i'm getting this?
I'm sorry, i'm new to JWT

Hi there

I am struggling with the same error token_not_provided when calling a request through Postman. My .htaccess file is:
RewriteEngine On

RewriteCond %{HTTP:Authorization} ^(._)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]

RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

Looking at dev tools I can see I am passing through the Authorisation Bearer:
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MSIsImlzcyI6Imh0dHA6XC9cL2RldmFwaS5maWxsaXQuY28uemFcL3YxXC9hdXRoZW50aWNhdGUiLCJpYXQiOiIxNDUyOTM2MTg0IiwiZXhwIjoiMTQ1MzAyMjU4NCIsIm5iZiI6IjE0NTI5MzYxODQiLCJqdGkiOiI0NzkwOTc4MTExODVhYzZjZGNlNTM4ZTFhYjk4NWU1ZiJ9.8nQ8Jy9wtObjYY7eAKzPplisJhcYQvT8vKaG_tROo14

My API is on a subdomain, could that have something to do with it?

Thanks

@fillit What is this?

RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

@Hammad51 How are you instantiating that Auth object? If you to Log::info(Auth::user()) what do you get?

@mcblum the api is a subdomain i.e. api.subdomain.com. This code:
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

is to be able to access the subdomain.

Do you know of an alternate method for this?

@mcblum i get authenticated user by Auth::user(); then i generate my token by following the docs https://github.com/tymondesigns/jwt-auth/wiki/Creating-Tokens#creating-a-token-based-on-a-user-object

$user = Auth::user();
return $token = JWTAuth::fromUser($user);

i'm using lumen 5.2

Nice fix, saved me too!
BTW it appears that this fix is not needed with "artisan serve", likely related to an earlier apache version.

@fillit change this:
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

for this:
RewriteCond %{HTTP:Authorization} ^(._)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]

(asterisks "*" are missing, regex stuff)

Seems to be a config thing
https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth

it's in the docs too
https://github.com/tymondesigns/jwt-auth/wiki/Authentication

@Hammad51 - The stable releases of jwt-auth don't yet support Lumen 5.2. It first started getting fixed on the dev branch a couple days ago. You can see #384 & #376 for details.

@isometriq - I think the asterisks were in @fillit's original code, but they got removed by GitHub's markdown parsing. (Yours are missing too and both of you have italics in your messages.) You can escape them with backslashes *, or use code blocks with tick marks ```:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

@fillit - Which version of jwt-auth are you on? And Laravel/Lumen? Can you tell if the token is making it to Laravel or not? (e.g. print out Request::header('Authorization'))

There's a good overview of debugging basic Apache/Laravel authorization header problems in this StackOverflow thread.

@tdhsmith oops, you're damn right

@tdhsmith I found my issue - I wasn't updating the /public/.htacess file as well (what an idiot!!!)

Thanks!

@mcblum Here is my header at client side
`Accept:application/json, text/plain, _/_

Accept-Encoding:gzip, deflate, sdch

Accept-Language:en-US,en;q=0.8

Authorization:Bearer
yJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjE1LCJpc3MiOiJodHRwOlwvXC9zZXJ2ZWFzZW1lLmxvY2FsXC9pbmRleC5waHBcL2FwaVwvYXV0aGVudGljYXRlIiwiaWF0IjoxNDU0MzE1NDAyLCJleHAiOjE0NTQzMTkwMDIsIm5iZiI6MTQ1NDMxNTQwMiwianRpIjoiNTU2MzYzMmRjNjVkODE0NDE3ZDRkNDdhMjYxMDRiZGIifQ.Qyzsj0ragMvFiDhZpqN4WJOyuQXZvWYF9pWV6Bsafsc

Connection:keep-alive

Host:my.local

Origin:http://localhost`

Here's my .htaccess Still I am getting {"error":"token_not_provided"}

`

<IfModule mod_negotiation.c>

    Options -MultiViews

</IfModule>

RewriteEngine On

# Redirect Trailing Slashes...

RewriteRule ^(.*)/$ /$1 [L,R=301]

# Fix authentication headers

RewriteCond %{HTTP:Authorization} ^(.*)

RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# Handle Front Controller...

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME} !-f

RewriteRule ^ index.php [L]

`

What could be the problem?

Same thing happened to my... on Safari, using Laravel as I wanted to return redirect to different's controller action, looks like safari looses auth header when getting redirected. returning view directly helped so...

this didn't work (just on safari):
redirect()->action('UiController@showLoggedIn')

this works though:
return view('php.showLoggedIn')

Same error.
Im using version ^1.0@dev
I did all works but:
Token not provided

I can't get token: {"error":"token_not_provided"} when trying to authenticate...

I followed the step by @donald-slagle and it worked.
I've restarted my serve as well.
Thanks @donald-slagle

i have tried all solutions mentioned here but doesn't work for me. I am stuck in this issue plz check out my code if any body can help me
My publich/htaccess

Options -MultiViews

RewriteEngine On

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

my route is

Route::get('customers','CustomerController@index');

My response header is
Access-Control-Allow-Headers: Origin, Content-Type, x-xsrf-token
Access-Control-Allow-Origin: http://localhost:4200
Cache-Control: no-cache, private
Connection: close
Content-Type: application/json
Date: Tue, 05 Jun 2018 18:46:29 GMT
Date: Tue, 05 Jun 2018 18:46:29 +0000
Host: localhost:8000
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImtuOGpcL05xRGZDU1ZqcVA1dCs1a1VRPT0iLCJ2YWx1ZSI6Ikh2RFRveDFNZFwvbm1NcDBpaWJzd2tIazNOR1g3b2ZPVVRpbEhWTG9VN1ZCUzRnUmxkY2czRXR4a1ZJUE9oTjk0RkhleHhcL0phNDRCM1k0RFkyM1FHemc9PSIsIm1hYyI6ImM4OTJjZjEwMThhYjBlOTIyZjA0YTZlMjRmZWU1NzE2NzdjOTBjYTMwN2FiNDc1ZDlhMWZlZjBlNzE4MmVjZmMifQ%3D%3D; expires=Tue, 05-Jun-2018 20:46:29 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6ImZ4ZVZkbWJYZTg3TXp6WDZKVlZqQUE9PSIsInZhbHVlIjoiODhSelVTTHBCMkljRG0xVjR1TE11RXRnNUxNOG1LblFrUXdBamVsYnpRVjJteWxQbkpJXC92QldBVTFOQlV0clA5RlwveGtFMmQrVDdZK1lXUzRTa3MyQT09IiwibWFjIjoiM2VhZmVmNTAzYjBmYTlkNGUzYWY5YmQ3M2UzZDgxZjhkNjNlMzYyYzQ1MmZlZDljZGRmOGE0NzI2ZmVlMjMxMSJ9; expires=Tue, 05-Jun-2018 20:46:29 GMT; Max-Age=7200; path=/; HttpOnly
Transfer-Encoding: chunked

X-Powered-By: PHP/7.2.1

my request header is
Accept: application/json, text/plain, /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:8000
Origin: http://localhost:4200
Referer: http://localhost:4200/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

Resposne : {"error":"token_not_provided"}

Hi, I have the same problem as {'error': 'token_not_provided'}. I'm using Laravel 5.6 with "tymon / jwt-auth": "^ 0.5.12", everything worked fine on my localhost, but when I uploaded it to the hosting now I get the error mentioned above. In the headers I am sending the token, and I already change the .htaccess as indicated in this thread, but even so it does not work for me. Here are the headlines:

`
Response Headers

Access-Control-Allow-Origin: https://www.**.com
Access-Control-Expose-Headers: Authorization
Cache-Control: no-cache, private
Connection: close
Content-Type: application/json
Date: Sat, 21 Jul 2018 03:20:18 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Origin
X-Powered-By: PHP/7.2.7
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58

Request headers

Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: es-CO,en-US;q=0.7,en;q=0.3
Access-Control-Allow-Headers: Origin, X-Requested-With, Cont…t-Type, Accept, Authorization
Authorization: Bearer eyJ0.......
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: **.com
Origin: https://www.**.com
Pragma: no-cache
Referer: https://www.**.com/FrontAppDomicilio/
User-Agent: Mozilla/5.0 (X11; Linux x86_64…) Gecko/20100101 Firefox/61.0
`

Another thing I'm using a subdomain

send me code of ur core.php file

On Sat, 21 Jul 2018 at 8:40 AM, Andres David Echeverri Jimenez <
[email protected]> wrote:

Hi, I have the same problem as {'error': 'token_not_provided'}. I'm using
Laravel 5.6 with "tymon / jwt-auth": "^ 0.5.12", everything worked fine on
my localhost, but when I uploaded it to the hosting now I get the error
mentioned above. In the headers I am sending the token, and I already
change the .htaccess as indicated in this thread, but even so it does not
work for me. Here are the headlines:

`
Response Headers

Access-Control-Allow-Origin: https://www.**.com
Access-Control-Expose-Headers: Authorization
Cache-Control: no-cache, private
Connection: close
Content-Type: application/json
Date: Sat, 21 Jul 2018 03:20:18 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Origin
X-Powered-By: PHP/7.2.7
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58

Request headers

Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: es-CO,en-US;q=0.7,en;q=0.3
Access-Control-Allow-Headers: Origin, X-Requested-With, Cont…t-Type,
Accept, Authorization
Authorization: Bearer eyJ0.......
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: **.com
Origin: https://www.**.com
Pragma: no-cache
Referer: https://www.**.com/FrontAppDomicilio/
User-Agent: Mozilla/5.0 (X11; Linux x86_64…) Gecko/20100101 Firefox/61.0
`

Another thing I'm using a subdomain

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/tymondesigns/jwt-auth/issues/81#issuecomment-406767841,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AQLHbJFZynh7SFhKZayaXkQDzk63vo-2ks5uIqKxgaJpZM4D-Tlw
.

>

Thanks and Regard
Ali Shoaib
Software Engineer *
*Contact: +92-3225325694
Skype : ali.shoaib7
Flat no 4 block no 22 PHA flats Street# 118, Sector G-11/4, Islamabad,
Pakistan.

Hello @Alishoaib , thanks for reply. But in my project I do not have that file.

Are you working on restfull services in laravel ?

On Sun, 22 Jul 2018 at 12:55 AM, Andres David Echeverri Jimenez <
[email protected]> wrote:

Hello @Alishoaib https://github.com/Alishoaib , thanks for reply. But
in my project I do not have that file.

—
You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub
https://github.com/tymondesigns/jwt-auth/issues/81#issuecomment-406819944,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AQLHbLfZ_6jGYHMIbBVi0pQosBUOMic1ks5uI4dFgaJpZM4D-Tlw
.

>

Thanks and Regard
Ali Shoaib
Software Engineer *
*Contact: +92-3225325694
Skype : ali.shoaib7
Flat no 4 block no 22 PHA flats Street# 118, Sector G-11/4, Islamabad,
Pakistan.

@Alishoaib It could be said that yes although I only work with the GET and POST methods. I also work only with API routes.
I have solved for now, although I do not like it at all. What I did was send the token as a parameter, and now if I take it. But it is not a solution with which you are satisfied.

RewriteCond %{HTTP:Authorization} ^(.) RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

This worked for my own case. I had to enter the token as a query string.

deploy the app in apache24 and added config as below in .htaccess file, but not work, should I add any something in apache24 ?

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]