Traewelling / traewelling

Free check-in service to log your public transit journeys
https://traewelling.de
GNU Affero General Public License v3.0

Bearer Tokens are no longer working #198

Closed derf closed 3 years ago

derf commented 3 years ago

When trying to determine whether https://github.com/derf/travelynx/issues/47 is a travelynx or a Traewelling issue, I found out that travelynx is no longer able to perform authenticated Traewelling actions via the API. The same happens when I use the API manually via curl. After logging in, I receive a token, but all actions I try to use it with return 401 Unauthenticated.

This worked fine until recently, so there probably either was an unintended breaking change in the API, or I mis-used the API from the start and it's now stricter than previously.

To reproduce:

Retrieve a token:

curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" https://traewelling.de/api/v0/auth/login --data '{"email":"...","password":"..."}'

The response contains token and expires_at, as expected.

Use the just retrieved token:

curl -H 'Accept: application/json' -H "Authorization: Bearer ..." https://traewelling.de/api/v0/getuser

Response:

{"message":"Unauthenticated."}

MrKrisKrisu commented 3 years ago

I can confirm that the problem exists in the traewelling.de instance, but not in the development version. I will investigate further.

New tokens can still be created, old tokens are still valid. The authorization appears to be incorrect.

HerrLevin commented 3 years ago

So Laravel seems to have its problems with FastCGI. The latest hotfix should comprehend for that. It's already working since we fiddled around in production.

Sorry for the inconvenience. 😅