Passport: Not Authenticated on live server
Morning Everyone,
I have come to the end of my investigations on getting passport to work on my live server. I have gone through numerous tutorials including the laravel passport install and I am still unable to get it to authenticate on the live server. I have it working on my local machine using passport with no issues at all using the live DB, but as soon as I upload it to the live server I am able to get an access token but when I try and authenticate using it as the Bearer token it does not authenticate.
I am using:
Laravel 5.5
Below is some of the code that I have used:
API Routes:
Route::post('/register', ['as' => 'register', 'uses' => 'RegisterController@index']);
Route::group(['namespace' => 'Articles', 'prefix' =>'/articles', 'middleware' => ['auth:api']], function() {
Route::get('/', ['as' => 'articles', 'uses' => 'ArticleController@index']);
Route::put('/', ['as' => 'articles', 'uses' => 'ArticleController@store']);
Route::get('/{article}', ['as' => 'articles.show', 'uses' => 'ArticleController@show']);
Route::post('/{article}', ['as' => 'articles.update', 'uses' => 'ArticleController@update']);
Route::delete('/{article}', ['as' => 'articles.destroy', 'uses' => 'ArticleController@destroy']);
});
So in passport I use:
Accept - application/json
Authorisation = Bearer access_token
Locally I will get a response and data, on the live server I get an not authenticated error.
{
"message": "Unauthenticated."
}
ADDITION: I have just tried it on another server and it worked so it is an issue with my live server but I can't see what the issue would be, I'm wondering if I am missing any modules but not sure what we need to make sure it is working.
I understand that this could be a an issue with the live server but I am not sure what it would be missing to be an issue.
I need to get this working so any sort of advice and help would be much appreciated.
Thanks
mattnewark
All 17 comments
@mattnewark hopefully it isn't this, but you spelled Authorization wrong in your post, can you confirm that's not the problem
craigpaul
on 9 Oct 2017
Hi @craigpaul, No, thats just me.
I tested it on another server and it worked fine just can't understand why it is not working on our main server.
Thanks
mattnewark
on 9 Oct 2017
So if anyone has the same issue we had to make a change to the Apache config filr or .htaccess file with the below:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
This did the trick for me
mattnewark
on 13 Oct 2017
Life saver mattnewark
grafxflow
on 10 May 2018
hi i am having same problem did u get the solution for the error
please let me know , I search for it everywhere but not getting any answer
i did the .htaccess file edit as u have mentioned but still not working
thanks in advance
sagarrokade404
on 7 Jun 2018
Here is my .htaccess file after adding @mattnewark suggestions
`
Options -MultiViews
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^$1 [N]
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php
`
Thanks you @mattnewark.
ghost
on 13 Oct 2018
@extsalt have you got access the Apache global file? If so you would better to make the change there. As you may find that the apache config is over writing the htaccess file.
mattnewark
on 13 Oct 2018
Going to close this as this is more an issue with your server config than with Passport.
driesvints
on 15 Oct 2018
@extsalt have you got access the Apache global file? If so you would better to make the change there. As you may find that the apache config is over writing the htaccess file.
Yes, I did follow you suggestion and it's working fine.
Than you.
ghost
on 15 Oct 2018
@extsalt Can u please mention what changes you made in apache config file. Thanks
nafeesaslam
on 24 Oct 2018
@nafeesaslam Since I'm using aws, so I made my document root to my app public folder, and my .htaccess file in root of app directory has this config:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^$1 [N]
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php
</IfModule>
Hi Mr.Ganesh
Thanks for the response.In my use case I setup my passport server on a
shared hosting server. Which is doesn't allow cross platform to send
request through a http:// protocol and throws 403 error.
I implied your sent .htacces file but it doesn't seem to help in the above
stated case.
FYI
What I figured out is shared hosting server setup have security module
namely *mod_sec *which has to be disabled in order to make requests to the
server with http:// protocol which degrades the security of the targeted
domain.
Overall my project is SSO server setup with a central users database that
must be accessed with rest api ..
Any further help is appreciated
Thankyou
Nafees Aslam
On Wed, Oct 24, 2018 at 1:12 PM Ganesh K notifications@github.com wrote:
Since I'm using aws, so I made my document root to my app public folder,
and my .htaccess file in root of app directory has this config:Options -MultiViews
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^$1 [N]RewriteCond %{REQUEST_URI} (.\w+$) [NC]
RewriteRule ^(.*)$ public/$1RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/laravel/passport/issues/532#issuecomment-432547940,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ALQjkUvngkeBpkfdaUaAZyvex-5q4Pf7ks5uoBnIgaJpZM4PyIlY
.
nafeesaslam
on 26 Oct 2018
@nafeesaslam Can you provide the stack trace of 403 exceptions?
ghost
on 26 Oct 2018
Hi Mr. Ganesh
We have fortunately solved the issue.
We had to actually enable a php module (mod_sec) *. Otherwise *everything
was fine . I am not sure your .htacces file did some magic or not but i
used put public folder contents in root folder since you provided .htacces
for root folder there is no need to put public contents in the root
folder.. It helped a lot and I sincerely learnt a new thing form you.
And your follow up is really appreciable.
Thanks a ton. Always grateful.
Nafees Aslam
On Fri, Oct 26, 2018 at 7:36 PM Ganesh K notifications@github.com wrote:
@nafeesaslam https://github.com/nafeesaslam Can you provide the stack
trace of 403 exceptions?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/laravel/passport/issues/532#issuecomment-433419517,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ALQjkZbAlmlDPk0eKqLpMGmJj8KVEWB4ks5uoxbSgaJpZM4PyIlY
.
nafeesaslam
on 2 Nov 2018
@ghost This still didn't work for me. So frustrating
salvationarinze
on 11 Mar 2020
If your app is running on an Apache server you need to modify the file /etc/apache2/sites-enabled/test-app.conf. and add the variable of @mattnewark just under
hugoisrr
on 6 Nov 2020
still facing the same issue, i published on a sharedhost, can't modify apache files, and @mattnewark tags are not working. do you guys solve this problem?
Raza9798
on 21 Nov 2020
Related issues
huiyonghkw
·
3Comments
brryfrmnn
·
3Comments
s4uron
·
3Comments
Adesubomi
·
4Comments
SwiTool
·
3Comments
Most helpful comment
So if anyone has the same issue we had to make a change to the Apache config filr or .htaccess file with the below:
This did the trick for me