francescomalatesta / laravel-api-boilerplate-jwt

A Laravel 5.8 API Boilerplate to create a ready-to-use REST API in seconds.
MIT License

Laravel 5.4 - Token Signature could not be verified #41

Closed abolinhas closed 7 years ago

abolinhas commented 7 years ago

Hi, I'm building an API to authenticate my users through my mobile application. The login controller returns the correct token.

<?php

namespace App\Api\V1\Controllers;

use Symfony\Component\HttpKernel\Exception\HttpException;
use Tymon\JWTAuth\JWTAuth;
use App\Http\Controllers\Controller;
use App\Api\V1\Requests\LoginRequest;
use Tymon\JWTAuth\Exceptions\JWTException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class LoginController extends Controller
{
    public function login(LoginRequest $request, JWTAuth $JWTAuth)
    {
        $credentials = $request->only(['username', 'password']);

        try {
            $token = $JWTAuth->attempt($credentials);

            if(!$token) {
                throw new AccessDeniedHttpException();
            }

        } catch (JWTException $e) {
            throw new HttpException(500);
        }

        return response()
            ->json([
                'status' => 'ok',
                'token' => $token
            ]);
    }
}

Postman result

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjEsImlzcyI6Imh0dHBzOlwvXC9iZXRhZmlsZS5vcmdcL2dpcHNcL3B1YmxpY1wvYXBpXC9hdXRoXC9sb2dpbiIsImlhdCI6MTQ5Mjc4MDI2NiwiZXhwIjoxNDkyNzgzODY2LCJuYmYiOjE0OTI3ODAyNjYsImp0aSI6InZHWkxaNHNqRUlqYW05WTMifQ.g8_-qHsVVvCEj9_BoqDCKJ9QHvm-yqWALsXmxeMK_3c"
}

Now when I try to get the current user by token, I get the signature error.

User controller

<?php

namespace App\Api\V1\Controllers;

use JWTAuth;
use App\Record;
use App\Http\Requests;
use Illuminate\Http\Request;
use Dingo\Api\Routing\Helpers;
use App\Http\Controllers\Controller;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class RecordController extends Controller
{
    use Helpers;

    public function store(Request $request) {
        //$record = new Record;
        //return $this->currentUser();
        $currentUser = JWTAuth::parseToken()->authenticate();
        return $currentUser;

    }

    private function currentUser() {
        return JWTAuth::parseToken()->authenticate();
    }
}

Postman result

{
  "error": {
    "message": "Token Signature could not be verified.",
    "status_code": 500
  }
}

I already tried passing the token by URL (domain.com/api/auth?token=token_key) and by header (Authorization Bearer token_key).

Also, I have the JWT secret inside config/jwt.php: 'secret' => env('jwt_secret'), and inside .env: JWT_SECRET=jwt_secret

Any tips to help solve this issue?

Thanks

francescomalatesta commented 7 years ago

Double check the presence of JWT_SECRET in the .env file. Also, passing the token via the request like ?token=my-token is not enabled by default.

francescomalatesta commented 7 years ago

Just did more tests, the problem is in the fact that the artisan jwt:generate does not generate a token in the .env file. It's probably something related to the main JWT Auth package.

Also, please open issues in a single place, not everywhere (ref. https://github.com/tymondesigns/jwt-auth/issues/1124).

Closing

abolinhas commented 7 years ago

I double-checked; the .env file is configured correctly.

abolinhas commented 7 years ago

Fixed it. I don't know why, but after generating a new app key the JWT auth started working properly: php artisan key:generate

Best regards
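
The token in the first post carries an HS256 header, so its signature only verifies when the verifying code holds the same secret the login path signed with. The following PHP sketch is an added example (not code from this thread, the boilerplate, or the jwt-auth package) that recomputes the HMAC to tell a secret mismatch apart from a malformed token; the helper names, claims and secrets are constructed for illustration.

```php
<?php
// Added example: helper names, claims and secrets are constructed.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt)
{
    $pad = (4 - strlen($txt) % 4) % 4; // restore the padding base64url strips
    return base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

// Sign constructed claims with HS256, as a login endpoint would.
function hs256_sign(array $claims, string $secret): string
{
    $input = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']))
           . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}

// Returns 'ok', or the reason the token does not verify under $secret.
function hs256_check(string $jwt, string $secret): string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return 'malformed: expected three dot-separated segments';
    }
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm; the token must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return 'rejected: header alg is not HS256';
    }
    $sig = b64url_decode($s);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    // hash_equals compares in constant time.
    if ($sig === false || !hash_equals($expected, $sig)) {
        return 'signature mismatch: token was not signed with this secret';
    }
    return 'ok';
}

$issuerSecret   = 'constructed-secret-A'; // secret the login path signed with
$verifierSecret = 'constructed-secret-B'; // secret the verifying path loaded
$token = hs256_sign(['sub' => 1, 'iat' => 1700000000], $issuerSecret);

echo hs256_check($token, $issuerSecret), PHP_EOL;
echo hs256_check($token, $verifierSecret), PHP_EOL;
```

Run it with a real token and the secret the application has loaded, on a machine where that secret is allowed to appear, and keep the secret out of shell history and logs.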