I got access_token and send request to get user but alway return
{
"error": "Unauthenticated."
}
I readed on the internet and some people told me change api.php like that
Route::get('/user', function (Request $request) {
return $request->user();
})->middleware('auth:api');
to
Route::get('/user', function (Request $request) {
return $request->user();
});
Then it does not display error again but return null value. I can't get user.
canhkieu
All 19 comments
how do you send the access_token?
if you remove the middleware auth:api, it won't be able to identify the user, of course you will get null
you should send it as a header Authorization: Bearer {{access token}}
tonoman3g
on 17 Sep 2016
I had the same error. I solved it by setting a deadline.
Passport::tokensExpireIn(Carbon::now()->addDays(15));
and it worked
ilvalerione
on 18 Sep 2016
Solved
I don't know why but when i checked the token_key on JWT debugger then the EXP value return 0. And I need to change the expire. Thanks @ilvalerione
Passport::tokensExpireIn(Carbon::now()->addDays(15));
canhkieu
on 19 Sep 2016
What's the reasoning of adding a expired date , sounds like code smell
lukepolo
on 19 Sep 2016
Default JWT generate is with expiry set to the same time of creation. So this cannot be used out of the box.
As per the docs the default JWT is a long lived token, but this seems to be not working.
alexjose
on 20 Sep 2016
This is because of the 32bit PHP and the 100 Year validity for the default tokens.
See this #47
alexjose
on 21 Sep 2016
With the Authorization: Bearer {{access token}} header add another with a value of Accept => application/json. It worked for me!
balakan
on 3 Oct 2016
For me: I had to fix this by going into my config/auth.php and set the 'guard' => 'api'. (it was web before)
'defaults' => [
'guard' => 'api',
'passwords' => 'users',
],
codymoorhouse
on 12 Oct 2016
Found out, if you are upgrading from 5.2 to 5.3 you need to use
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
Instead of the Authenticate class that was in your app middleware before
lukepolo
on 12 Oct 2016
I've done every single adjustment listed here and am still having issues with getting the user.
I've:
- Set an expiration in Auth Service Provider
- Removed and reapplied the auth:api middleware call in routes (multiple times resulting in null returned values)
- Tried changing the defaults driver in config/auth.php to 'api' from 'web'
- Ensured the Kernel's classes are properly located
- Added the Accept header with value of application/json
- Ensured the default laravel_session cookie was being properly sent in
- Ensured I was sending the access token with header of Authorization Bearer access_token_here
- Ensured that I was hitting the right route
However I still keep getting unauthorized errors returned. Is there ANYTHING else I've missed here? I'm sort-of at a loss.
dreferreira
on 19 Oct 2016
I have same Issue
laravel 5.3
Passport::tokensExpireIn(Carbon::now()->addDays(7));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(14));
miladnit
on 29 Oct 2016
I have the same issue here. Here is my request header,
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,es;q=0.6
Connection:keep-alive
Cookie:remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IlM4N0tuZE9vcTRQQXltVWJsMDJnRkE9PSIsInZhbHVlIjoiVkpNb2J0dFZuWkpVRmNYakVxcytKaDR4emJzMEJVNDhKb2FBNkNJN0M4bz0iLCJtYWMiOiIxMmIwNWE3ZThkN2ZmMDczNzA2OGM4NzRhZjIzZWRhYzM3NjgzMjFjNDY0NzlkZWQzZWVkOWJhNmZjNWIwZWVlIn0%3D; laravel_token=eyJpdiI6ImpzeTBYSWpqNWRuOXpWZnFlTFUyVEE9PSIsInZhbHVlIjoicnVSWGtqK1FkRnlPdTJKTElzdUR1bkx1T3VNUFBzMGV3TGRrTzFJTlVxVk56eURCWXprbURzWHJcL3dYXC9jUEh2RTRTcE42S0dJSGR6SVdJbXNzdng5RXltV25xeGcydjZuTTBNMFBYWlV4MVwvZGZrKzVNckx1N003c0N4ZlRsRTVJRE1Yb283XC8zQVo4NjA1dk5cLzFTME5SOEF0YUx5bWQ3SERGTXZ0bWZNU3I2UElpZ0I1QlwvMFk0SzRJU3U0ZFwvcVdxWlZzZVVLWlVXMVIzdnh3ZkJwb3pXOVZ6OTBUSUlzT2o5OGZjdzZSbWtBYVFHUHNDcVVvR3hNYnl3dzlZblFPRTVITXdnMHRMbDE0R050VERDT25RPT0iLCJtYWMiOiIzNWRhODljM2Y3MmEyY2NkNDA0YzI0NmQ2OWI0MDVkOTczYWQ4MzYyMjUzNWEzNGVhOTRmMTJkODE1ZDNlZjNiIn0%3D; XSRF-TOKEN=eyJpdiI6Ijh2SzdEOFFsOGloV0grZzZNSnR1N2c9PSIsInZhbHVlIjoiQXpidnNjZ05qcTJDMnJkOHhjSzc0RGRSa3BYQVpDd0l6N0I5M093V2lWeitJaTVoSjU5VTJCV2p4SDdkZW5laHhRYmlsMytJWHRlUGJYOUgrTkJMXC9RPT0iLCJtYWMiOiJjMjZjOTM0Zjc0MzBlMTQ2NTA0OWI5ZDZiMDJjYzA1YWVhMWU4NTYyZDhkMjZmNjYyYTU3YzBjNWIwYmU3NTE1In0%3D; laravel_session=eyJpdiI6IlJxbVlReXBlTmtoK2N1SUFIVFwvcVwvdz09IiwidmFsdWUiOiJCQW5cL3NUVCttMUtWYlF2a20rSm40RGc2a3kySFVucjIxNFwvbmRVMWk2UlhEVTRFb05NTjl6d1hXWWZBT2hqUWhZQVVzdmZnYnF1T2RBXC94dWFVUVVmQT09IiwibWFjIjoiOWJiNzQ3ZmUwZThkYzlmODUyOGE2Yjc0ZjIzZTMzNTY1OWU1YjM0ZmViZmI5ZWIyODQzZTIwMTliMTA2MWJkMSJ9
Host:noplaceleft.dev
Referer:http://noplaceleft.dev/dashboard/users/profile
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
X-XSRF-TOKEN:eyJpdiI6Ijh2SzdEOFFsOGloV0grZzZNSnR1N2c9PSIsInZhbHVlIjoiQXpidnNjZ05qcTJDMnJkOHhjSzc0RGRSa3BYQVpDd0l6N0I5M093V2lWeitJaTVoSjU5VTJCV2p4SDdkZW5laHhRYmlsMytJWHRlUGJYOUgrTkJMXC9RPT0iLCJtYWMiOiJjMjZjOTM0Zjc0MzBlMTQ2NTA0OWI5ZDZiMDJjYzA1YWVhMWU4NTYyZDhkMjZmNjYyYTU3YzBjNWIwYmU3NTE1In0=
gocanto
on 11 Nov 2016
Well, I just fixed mine doing this.
JS
axios.defaults.headers.common['X-CSRF-TOKEN'] = 'laravel token';
Routes
Route::get('users/profile', 'Users\UsersApiController@index')->middleware('auth:api');
The issue here is, doing all this I am not making use of passport.
I relly need some help! thanks
gocanto
on 11 Nov 2016
@lukepolo solution solved the problem.
On Kernel.php file use:
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
instead of
'auth' => \App\Http\Middleware\Authenticate::class,
Also added the Unauthenticated Method to App\Exceptions\Handler class, otherwise an exception will be thrown if the user is not authenticated. See instructions in the upgrade documentation page: https://laravel.com/docs/5.3/upgrade
/**
* Convert an authentication exception into an unauthenticated response.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Auth\AuthenticationException $exception
* @return \Illuminate\Http\Response
*/
protected function unauthenticated($request, AuthenticationException $exception)
{
if ($request->expectsJson()) {
return response()->json(['error' => 'Unauthenticated.'], 401);
}
return redirect()->guest('login');
}
bruno-fernandes
on 14 Nov 2016
@bruno-fernandes @lukepolo I am already using 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, but I still get null as a response when hitting /api/user. This is my route:
Route::get('/user', function (Request $request) {
return $request->user();
})->middleware('auth:api');
Note that using return Auth::guard('api')->user(); instead of return $request->user(); successfully returns the user that issue the Personal Access Token
EDIT: Strange but I found out that my api returned successfully the current logged in user's details.
Route::get('/user', function (Request $request) {
return $request->user();
})->middleware('auth:api');
The problem is that I was not able to conole.log() later the response through a Vue component
export default {
name: "Home",
mounted() {
this.$http.get('/api/user').then(response => {
alert(response.data);
});
}
}
Digging a little bit more into my problem, I found out that if I compile my assets running gulp, the response can be successfully logged in my console. However, If I compile my assets using gulp --production I am getting no output .
It seems that gulp --production strip console.log out automatically.....
iraklisg
on 22 Nov 2016
Shouldn't this be in the 5.2 > 5.3 upgrade instructions?
https://github.com/laravel/passport/issues/87#issuecomment-253332452
arctic-ice-cool
on 5 Jan 2018
@lukepolo thanks a lot even after 2 years this helped me adding new 'auth.api' => \Illuminate\Auth\Middleware\Authenticate::class, in the kernel.php
as i am already using 'auth' for sentinel so i named it auth.api and in the route used it like auth.api:api
and that worked for me
shamsuljewel
on 27 Aug 2018
I might be late here but I faced the same problem when I created my own personal access token thus creating my own login method. Even though I was getting an access token the user was still not logged in. I solved it with Auth::attempt( $login_credentials)
$login = $request->validate([
'email' => 'required|email',
'password' => 'required'
]);
if( !Auth::attempt( $login ) ) {
return response(['message'=> 'Invalid login credentials']);
}
$user = Auth::user();
if($user->status == "Active" && $user->isVerified == "Verified") {
$accessToken = $user->createToken('authToken')->accessToken;
return response(['user'=> Auth::user(), 'access_token' => $accessToken]);
}
return response()->json(["errors"=>"Account inactive or not verified"],401);
Now $request->user() works
Leleking
on 29 Jun 2020
i have 2 type of users.
1) Login user
2) Guest user
I am using passport api with laravel8.
I have news curd api with comment. The route are : List all news api, Show single news detail api and user post comment api.
My question:-
-> Login user have all access with access_token.
-> But guest user access only news list and single detail api.
How can i access guest news list api and single detail. For security need to add token.
Guest access apis with token.
ramkumawathis
on 25 Feb 2021
Related issues
andcl
·
3Comments
ghost
·
3Comments
s4uron
·
3Comments
cookiejarblush
·
4Comments
SwiTool
·
3Comments
Most helpful comment
Found out, if you are upgrading from 5.2 to 5.3 you need to use
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,Instead of the Authenticate class that was in your app middleware before