Passport: Laravel 7.5.2 (Passport Api) + Vuejs Error : Undefined index: aud , \vendor\laravel\passport\src\Guards\TokenGuard.php

Same here

Facing the same issue

Having the same issue but with laravel 6 and passport 9.

I think I might have found the issue.

Looks like /vendor/laravel/passport/src/ApiTokenCookieFactory.php:77 sets the index sub into the JWT token

But when decoding the cookie and trying to find the corresponding user \Laravel\Passport\Guards\TokenGuard::$clients tries to use the index aud to find the user.

However, the indexes have been like that for a LONG time now, so I'm not sure why this is suddenly a problem?

I suspect it might be due to the removal of old php-jwt versions in this merged PR? #1236

Reverting to 8.x branch resolved the issue for me.

composer require laravel/passport:^8.0

I think I might have found the issue.

Looks like /vendor/laravel/passport/src/ApiTokenCookieFactory.php:77 sets the index sub into the JWT token

But when decoding the cookie and trying to find the corresponding user \Laravel\Passport\Guards\TokenGuard::$clients tries to use the index aud to find the user.

However, the indexes have been like that for a LONG time now, so I'm not sure why this is suddenly a problem?

The problem isn't with the sub claim but the aud one. Which is being used to identify the client (while the sub is meant for the user). The audience is just not being configured.

Looking at the diff, this seems to be the culprit (as it apparently assumes that aud claim is always there).

@driesvints do you have any idea on how can we solve this?

@lcobucci your link only shows all the commits between 8.5 and 9.0. Can you link to the specific file or pr that changed this?

Did everyone here read the upgrade guide and added the new provider column to the clients table?

https://github.com/laravel/passport/blob/9.x/UPGRADE.md

I've updated it already, sorry

@driesvints column is there in my case (I'm doing a clean php artisan passport:install -n btw). Created entries have null as provider (not sure if it helps).

Hey @driesvints yeah this was happening for me on a fresh project, provider column is there.

It's mentioned that people are here using vue but I don't see any vuejs install steps in the steps to reproduce. Can anyone please post very specific steps to replicate this?

Hey, I'm on a fresh install also. On version 9.0 I'm encountering the same error, while reverting to 8.5 solves it. Not using vue but old plain XHR request with following headers. The cookies are sent also.

'X-Requested-With': 'XMLHttpRequest',
'X-CSRF-TOKEN': THE_CSRF_TOKEN

If anyone can please post very specific steps to reproduce we can figure this out. Atm we can't reproduce this.

    /**
     * Get the user for the incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return mixed
     */
    public function user(Request $request)
    {
        if ($request->bearerToken()) {
            return $this->hasValidProvider($request) ? $this->authenticateViaBearerToken($request) : null;
        } elseif ($request->cookie(Passport::cookie())) {
            return $this->authenticateViaCookie($request);
        }
    }

This may be the fix needed but I can't reproduce the error. Seeing how there is no client in this case makes sense logically but I need to verify. Can someone please give details steps as @driesvints has mentioned.

In my instance I'm using React.

1. laravel new test --auth
2. cd test
3. composer require laravel/passport
4. php artisan migrate
5. php artisan passport:install
6. Add HasApiTokens to User model
7. Change api guard to passport in config/auth.php
8. Add Passport::routes() to AuthServiceProvider
9. Add \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class to web middleware group in app/Http/Kernel.php
10. php artisan ui react --auth
11. In home.blade.php add <div id="example"></div>
12. Replace resources/js/components/Example.js with the following code:

import React, { useEffect } from 'react';
import ReactDOM from 'react-dom';

function Example() {
    const load = async () => {
        const data = await axios.get(`api/user`);

        console.log(data);
    }

    useEffect(() => {
        load();
    }, []);

    return null;
}

export default Example;

if (document.getElementById('example')) {
    ReactDOM.render(<Example />, document.getElementById('example'));
}

1. npm install && npm run dev
2. Open app in browser, create account, look in network requests and you'll see a 500 error

{
    "message": "Undefined index: aud",
    "exception": "ErrorException",
    "file": "/Users/joe/Code/Web/test/vendor/laravel/passport/src/Guards/TokenGuard.php",
    "line": 140,
    "trace": [
        {
            "file": "/Users/joe/Code/Web/test/vendor/laravel/passport/src/Guard
...

Thanks, @joelennon for the detailed write-up. This was a great help in tracking this down. I have submitted a PR to resolve this. Please look at https://github.com/laravel/passport/pull/1246

Thanks @joelennon, that was helpful 👍

Released v9.0.1 which should fix this.

Thanks everyone, the fix works nicely :+1:

Thanks to everyone who reported this!

Thanks everyone

If anyone here who has upgraded to v9 already and is using the new secrets hashing, please read https://blog.laravel.com/passport-v91-breaking-changes and https://github.com/laravel/passport/issues/1252

Ugg this cost me a lot of time earlier this week, happy to read I'm not crazy :)

I still can't resolve this in my case. I have a new laravel installation with the latest passport package installed.