Passport: Laravel Passport “auth:api” middleware acting as “web, auth” middleware
Hi all,
First, I am developing with Homestead.
I have set up the Laravel Passport package for Laravel 5.3, step by step, just as described in the official documentation (https://laravel.com/docs/5.3/passport#installation).
I want the API to be consumed by an external mobile application, so I am trying to implement Password Grant Tokens. So far, the access token request URI works as expected (call to 'http://my-app.com/oauth/token' with grant_type, client_id, client_secret, username, password and scope returns access_token if credentials and client are correct, and the corresponding error elsewhere). Fine.
On the other hand, php artisan route:list lists correct middleware for default 'api/user' URI: "api,auth:api".
Moreover, this is the default content of api.php:
Route::get('/user', function (Request $request) {
return 'Hello';
})->middleware('auth:api');
The problem comes when I access 'http://my-app.com/api/user': it seems to be authenticating the request using the 'web, auth' middleware, not the 'auth:api', ie, I get the login form as if I was sending a request with web middleware. When I delete the '->middleware('auth:api');' part in api.php, I get the 'Hello' message, so then it is using the 'api' middleware.
Could you help me understanding this strange behaviour?
Thanks in advance.
andcl
All 3 comments
Solved! Just for the record, the solution:
I was sending the request to http://my-app.com/api/user with HTTP Header wrong. I was sending:
Type: Authorization - Content: Bearer: $accessToken
...and the correct way was:
Type: Authorization - Content: Bearer $accessToken (without colon)
I never thought it could be a typo... Anyway, the error was not easy to detect because the redirection to the login form misleaded me from the beginning. I believe it was such an strange behaviour indeed...
andcl
on 11 Nov 2016
Using a right token returns the user details (in json) for me; however if I send a wrong token (on purpose ofc), it tries to get me redirected to login form. Isn't it supposed to return me a response in a json_format either?
Have you figured out why? Am I doing something wrong too?
sentiasa
on 5 Jul 2017
@sentiasa got the same issue. You need to add "Accept: application/json" as headers in your Postman request. Then Laravel knows it needs to answer with json.
godbout
on 12 Oct 2017
Related issues
parth-vora-7
·
4Comments
cookiejarblush
·
4Comments
seriousjelly
·
3Comments
ghost
·
3Comments
MarkVilludo
·
3Comments
Most helpful comment
@sentiasa got the same issue. You need to add "Accept: application/json" as headers in your Postman request. Then Laravel knows it needs to answer with json.