Laravel Passport not authenticating with JWT cookie (self consuming API)












0















I've gone through the entire page of documentation and as far as I can tell I have everything set up exactly as the documentation states. However, when I attempt to make a GET request to /api/users it always returns a 401 Unauthorized.



If I inspect the request, I see that the laravel_token is indeed being passed along with the request, as well as CSRF.



At this point, I'm not really sure why it's always failing to authenticate, but it's pretty frustrating and I'm sure it's something minor that I'm overlooking somehow.



I'm using Laravel 5.7.5.



Configuration steps done:




  • Ran php artisan passport:install

  • Added trait to User model

  • Added Passport::routes() to AuthServiceProvider::boot()

  • Changed API driver to passport in config/auth.php

  • Added CreateFreshApiToken::class to web middleware






laravel laravel-5 laravel-passport laravel-5.7







share|improve this question























  • How do you inspect the request? Did you try it by browser? if so, you are doing in a wrong way. You should use some applications to make json call to your endpoints. something like postman. Something that is able to set application/type in header. If you are calling endpoint by correct header, then check your files key files permissions.

    – train_fox
    Jan 1 at 10:07











  • @train_fox I'm inspecting the request that's made with Axios, which is how the documentation for Passport does it. That's definitely not the wrong way of doing so. I'm not sure what you're trying to mean by files key files permissions.

    – Nathan
    Jan 1 at 17:40













  • when you run php artisan passport install laravel will make 2 files, private and public key. Check storage directory to find them and check their permissions, required permission is 644.

    – train_fox
    Jan 1 at 17:58











  • @train_fox Ah, yeah, those files have correct permissions.

    – Nathan
    Jan 1 at 18:03











  • Do you trying to access the default route defined in api.php route file?

    – train_fox
    Jan 1 at 18:27
















0















I've gone through the entire page of documentation and as far as I can tell I have everything set up exactly as the documentation states. However, when I attempt to make a GET request to /api/users it always returns a 401 Unauthorized.



If I inspect the request, I see that the laravel_token is indeed being passed along with the request, as well as CSRF.



At this point, I'm not really sure why it's always failing to authenticate, but it's pretty frustrating and I'm sure it's something minor that I'm overlooking somehow.



I'm using Laravel 5.7.5.



Configuration steps done:




  • Ran php artisan passport:install

  • Added trait to User model

  • Added Passport::routes() to AuthServiceProvider::boot()

  • Changed API driver to passport in config/auth.php

  • Added CreateFreshApiToken::class to web middleware






laravel laravel-5 laravel-passport laravel-5.7







share|improve this question























  • How do you inspect the request? Did you try it by browser? if so, you are doing in a wrong way. You should use some applications to make json call to your endpoints. something like postman. Something that is able to set application/type in header. If you are calling endpoint by correct header, then check your files key files permissions.

    – train_fox
    Jan 1 at 10:07











  • @train_fox I'm inspecting the request that's made with Axios, which is how the documentation for Passport does it. That's definitely not the wrong way of doing so. I'm not sure what you're trying to mean by files key files permissions.

    – Nathan
    Jan 1 at 17:40













  • when you run php artisan passport install laravel will make 2 files, private and public key. Check storage directory to find them and check their permissions, required permission is 644.

    – train_fox
    Jan 1 at 17:58











  • @train_fox Ah, yeah, those files have correct permissions.

    – Nathan
    Jan 1 at 18:03











  • Do you trying to access the default route defined in api.php route file?

    – train_fox
    Jan 1 at 18:27














0












0








0








I've gone through the entire page of documentation and as far as I can tell I have everything set up exactly as the documentation states. However, when I attempt to make a GET request to /api/users it always returns a 401 Unauthorized.



If I inspect the request, I see that the laravel_token is indeed being passed along with the request, as well as CSRF.



At this point, I'm not really sure why it's always failing to authenticate, but it's pretty frustrating and I'm sure it's something minor that I'm overlooking somehow.



I'm using Laravel 5.7.5.



Configuration steps done:




  • Ran php artisan passport:install

  • Added trait to User model

  • Added Passport::routes() to AuthServiceProvider::boot()

  • Changed API driver to passport in config/auth.php

  • Added CreateFreshApiToken::class to web middleware






laravel laravel-5 laravel-passport laravel-5.7







share|improve this question














I've gone through the entire page of documentation and as far as I can tell I have everything set up exactly as the documentation states. However, when I attempt to make a GET request to /api/users it always returns a 401 Unauthorized.



If I inspect the request, I see that the laravel_token is indeed being passed along with the request, as well as CSRF.



At this point, I'm not really sure why it's always failing to authenticate, but it's pretty frustrating and I'm sure it's something minor that I'm overlooking somehow.



I'm using Laravel 5.7.5.



Configuration steps done:




  • Ran php artisan passport:install

  • Added trait to User model

  • Added Passport::routes() to AuthServiceProvider::boot()

  • Changed API driver to passport in config/auth.php

  • Added CreateFreshApiToken::class to web middleware






laravel laravel-5 laravel-passport laravel-5.7




laravel laravel-5 laravel-passport laravel-5.7






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 31 '18 at 23:04









NathanNathan

1,25941837




1,25941837













  • How do you inspect the request? Did you try it by browser? if so, you are doing in a wrong way. You should use some applications to make json call to your endpoints. something like postman. Something that is able to set application/type in header. If you are calling endpoint by correct header, then check your files key files permissions.

    – train_fox
    Jan 1 at 10:07











  • @train_fox I'm inspecting the request that's made with Axios, which is how the documentation for Passport does it. That's definitely not the wrong way of doing so. I'm not sure what you're trying to mean by files key files permissions.

    – Nathan
    Jan 1 at 17:40













  • when you run php artisan passport install laravel will make 2 files, private and public key. Check storage directory to find them and check their permissions, required permission is 644.

    – train_fox
    Jan 1 at 17:58











  • @train_fox Ah, yeah, those files have correct permissions.

    – Nathan
    Jan 1 at 18:03











  • Do you trying to access the default route defined in api.php route file?

    – train_fox
    Jan 1 at 18:27



















  • How do you inspect the request? Did you try it by browser? if so, you are doing in a wrong way. You should use some applications to make json call to your endpoints. something like postman. Something that is able to set application/type in header. If you are calling endpoint by correct header, then check your files key files permissions.

    – train_fox
    Jan 1 at 10:07











  • @train_fox I'm inspecting the request that's made with Axios, which is how the documentation for Passport does it. That's definitely not the wrong way of doing so. I'm not sure what you're trying to mean by files key files permissions.

    – Nathan
    Jan 1 at 17:40













  • when you run php artisan passport install laravel will make 2 files, private and public key. Check storage directory to find them and check their permissions, required permission is 644.

    – train_fox
    Jan 1 at 17:58











  • @train_fox Ah, yeah, those files have correct permissions.

    – Nathan
    Jan 1 at 18:03











  • Do you trying to access the default route defined in api.php route file?

    – train_fox
    Jan 1 at 18:27

















How do you inspect the request? Did you try it by browser? if so, you are doing in a wrong way. You should use some applications to make json call to your endpoints. something like postman. Something that is able to set application/type in header. If you are calling endpoint by correct header, then check your files key files permissions.

– train_fox
Jan 1 at 10:07





How do you inspect the request? Did you try it by browser? if so, you are doing in a wrong way. You should use some applications to make json call to your endpoints. something like postman. Something that is able to set application/type in header. If you are calling endpoint by correct header, then check your files key files permissions.

– train_fox
Jan 1 at 10:07













@train_fox I'm inspecting the request that's made with Axios, which is how the documentation for Passport does it. That's definitely not the wrong way of doing so. I'm not sure what you're trying to mean by files key files permissions.

– Nathan
Jan 1 at 17:40







@train_fox I'm inspecting the request that's made with Axios, which is how the documentation for Passport does it. That's definitely not the wrong way of doing so. I'm not sure what you're trying to mean by files key files permissions.

– Nathan
Jan 1 at 17:40















when you run php artisan passport install laravel will make 2 files, private and public key. Check storage directory to find them and check their permissions, required permission is 644.

– train_fox
Jan 1 at 17:58





when you run php artisan passport install laravel will make 2 files, private and public key. Check storage directory to find them and check their permissions, required permission is 644.

– train_fox
Jan 1 at 17:58













@train_fox Ah, yeah, those files have correct permissions.

– Nathan
Jan 1 at 18:03





@train_fox Ah, yeah, those files have correct permissions.

– Nathan
Jan 1 at 18:03













Do you trying to access the default route defined in api.php route file?

– train_fox
Jan 1 at 18:27





Do you trying to access the default route defined in api.php route file?

– train_fox
Jan 1 at 18:27












1 Answer
1






active

oldest

votes


















-1














After a lot of digging, I finally figured out what my issue was.



In version 5.6 and later of Laravel, cookies are no longer serialized/unserialized. However, Passport still expects that the cookies are serialized. Neither the documentation for Laravel or Passport point this out, and hopefully they'll get more in sync so this isn't an issue.



To fix this, you just need to add Passport::withoutCookieSerialization(); to appProvidersAuthServiceProvider::boot()






share|improve this answer

























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53992035%2flaravel-passport-not-authenticating-with-jwt-cookie-self-consuming-api%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    -1














    After a lot of digging, I finally figured out what my issue was.



    In version 5.6 and later of Laravel, cookies are no longer serialized/unserialized. However, Passport still expects that the cookies are serialized. Neither the documentation for Laravel or Passport point this out, and hopefully they'll get more in sync so this isn't an issue.



    To fix this, you just need to add Passport::withoutCookieSerialization(); to appProvidersAuthServiceProvider::boot()






    share|improve this answer






























      -1














      After a lot of digging, I finally figured out what my issue was.



      In version 5.6 and later of Laravel, cookies are no longer serialized/unserialized. However, Passport still expects that the cookies are serialized. Neither the documentation for Laravel or Passport point this out, and hopefully they'll get more in sync so this isn't an issue.



      To fix this, you just need to add Passport::withoutCookieSerialization(); to appProvidersAuthServiceProvider::boot()






      share|improve this answer




























        -1












        -1








        -1







        After a lot of digging, I finally figured out what my issue was.



        In version 5.6 and later of Laravel, cookies are no longer serialized/unserialized. However, Passport still expects that the cookies are serialized. Neither the documentation for Laravel or Passport point this out, and hopefully they'll get more in sync so this isn't an issue.



        To fix this, you just need to add Passport::withoutCookieSerialization(); to appProvidersAuthServiceProvider::boot()






        share|improve this answer















        After a lot of digging, I finally figured out what my issue was.



        In version 5.6 and later of Laravel, cookies are no longer serialized/unserialized. However, Passport still expects that the cookies are serialized. Neither the documentation for Laravel or Passport point this out, and hopefully they'll get more in sync so this isn't an issue.



        To fix this, you just need to add Passport::withoutCookieSerialization(); to appProvidersAuthServiceProvider::boot()







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 2 at 21:31

























        answered Jan 1 at 18:54









        NathanNathan

        1,25941837




        1,25941837
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53992035%2flaravel-passport-not-authenticating-with-jwt-cookie-self-consuming-api%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Monofisismo

            Image
            Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri
            Read more

            Angular Downloading a file using contenturl with Basic Authentication

            Image
            0 I have a contentUrl when user clicks on that,file should be downloaded. If I try to browse the contentUrl in the browser it asks for Userid and password.I believe this is Basic Authentication.I dont want user to enter UserId and Password so I am passing it Authorization(Please see below code). Url looks some thing like this: http://XXX.XXX.XX.XXX:8080/flowable-rest/service/runtime/tasks/90875/attachments/90555/content let username : string = 'admin'; let pwd : string = 'test'; let headers = new Headers(); headers.set('Accept', 'text/json'); headers.append('Content-Type', 'application/json'); headers.set('Access-Control-Allow-Origin', '*'); headers.set('Access-Control-Allow-Methods','POST, GET, OPTIONS, PUT, DELETE'); head
            Read more

            Olmecas

            Image
            Monumento 1, uma das quatro cabeças colossais encontradas em La Venta, com altura aproximada de 3 metros Olmecas é a designação do povo e da civilização que estiveram na origem da antiga cultura pré-colombiana da Mesoamérica e que se desenvolveram nas regiões tropicais do centro-sul do atual México durante o pré-clássico, próximo de onde hoje estão localizados os estados mexicanos de Veracruz e Tabasco, no Istmo de Tehuantepec, numa zona designada área nuclear olmeca. A cultura olmeca floresceu nesta região aproximadamente entre 1500 e 400 a.C., [ 1 ] e crê-se que tenha sido a civilização-mãe de todas as civilizações mesoamericanas que se desenvolveram posteriormente. [ 2 ] No entanto, desconhece-se a sua exacta filiação étnica, ainda que existam numerosas hipóteses colocadas para tentar resolver esta questão. O etnónimo olmeca foi cunhado pelos arqueólogos do século XX, e não devem confundir-se com os muito posteriores olmecas-xicalancas que ocuparam vários locais do México
            Read more