joselfonseca / lighthouse-graphql-passport-auth

Add GraphQL mutations to get tokens from passport for https://lighthouse-php.com/
https://lighthouse-php-auth.com/
MIT License

Guard issue in production only #144

Closed newtoniumx3 closed 3 years ago

newtoniumx3 commented 3 years ago

I'm having such a strange issue that I don't understand what could be wrong. My code/configuration locally is not behaving the same way in production.

The workflow

  1. Send a login request and receive back an access_token
  2. Send a second request with the access_token in the header as: Authorization: Bearer ...


In production

  1. Step 1 works I receive back the access_token.
  2. Step 2: I always get back a null user session. I checked in production and the Authorization header does arrive intact, and the value is also correct. But then why would it not process this properly, as it does on localhost?

Specifically my issue is here: src/server/vendor/nuwave/lighthouse/src/Support/Http/Middleware/AttemptAuthentication.php

// Lighthouse middleware: tries each configured guard and tells the auth
// factory to use the first one that recognises the request.
protected function attemptAuthentication(array $guards): void
{
    if (empty($guards)) {
        $guards = [config('lighthouse.guard')];
    }

    foreach ($guards as $guard) {
        if ($this->authFactory->guard($guard)->check()) { // <---- the culprit
            $this->authFactory->shouldUse($guard);

            return;
        }
    }
}

On both development and production, guards has the same value of ['api']. However, in development the following line returns true, while in production it returns false:

$this->authFactory->guard($guard)->check()

How could this be? It's the exact same code running.

I specifically validated on production that the token I'm sending does not get altered and is properly received. It is the token specifically returned by the login endpoint of production.


joselfonseca commented 3 years ago

@newtoniumx3 Make sure your web server is passing along the Authorization header; some servers are not configured to allow that header to be passed on to the request, so the header will never get there to be validated.
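A small diagnostic for the cause described above (an added example, not code from lighthouse-graphql-passport-auth): it reports whether a bearer token actually reaches PHP, checking the server variables that different SAPIs and rewrite setups use, without echoing the token value. The function name and the JSON field names are my own choice.

```php
<?php
// Added diagnostic, not part of the project. Returns the bearer token PHP
// actually received, or null if no Authorization header made it through.
function bearerTokenFromServer(array $server): ?string
{
    // Places the header can land: the plain CGI/FPM variable, and the
    // REDIRECT_-prefixed copy that Apache mod_rewrite produces when the
    // header is re-exported with an [E=HTTP_AUTHORIZATION:...] rule.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])
            && preg_match('/^Bearer\s+(\S+)$/i', trim($server[$key]), $m)) {
            return $m[1];
        }
    }

    // Apache running PHP as a module exposes raw request headers even when
    // the CGI variable above is absent.
    if (function_exists('apache_request_headers')) {
        foreach (apache_request_headers() as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0
                && preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
                return $m[1];
            }
        }
    }

    return null;
}

// Expose this only on a debugging route; the token itself is never output.
$token = bearerTokenFromServer($_SERVER);
header('Content-Type: application/json');
echo json_encode([
    'authorization_header_reached_php' => $token !== null,
    'token_length'                     => $token === null ? 0 : strlen($token),
    'server_software'                  => $_SERVER['SERVER_SOFTWARE'] ?? 'unknown',
]);
```

If this reports false while the client demonstrably sends the header, the web server is dropping it; on Apache with PHP-FPM/CGI the usual fix is the rewrite rule Laravel ships in its default public/.htaccess (`RewriteCond %{HTTP:Authorization} .` followed by `RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`).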

newtoniumx3 commented 3 years ago

I’m going to re-set up my app from scratch to debug this. If the issue still happens I’ll reopen this. Thank you