laravel / passport

Laravel Passport provides OAuth2 server support to Laravel.
https://laravel.com/docs/passport
MIT License
3.28k stars 779 forks

Passport routes return "Unauthenticated" with sub domain #371

Closed kimnguyen-ict closed 6 years ago

kimnguyen-ict commented 7 years ago

I am using multiple authentications in Laravel and personal passport grant. I make: admin.app.dev => 'admin' guard; app.dev => 'web' guard. Everything is good in 'app.dev' except 'admin.app.dev' cannot call passport routes such as:

lawrence615 commented 7 years ago

@kimnguyen-ict did you manage to solve this? Facing the same problem as well even when using localhost

jacobshenning commented 7 years ago

@lawrence615 I'm struggling with a similar problem. Have you had any luck fixing it?

rbruhn commented 6 years ago

This might be related to what you guys were working on. I wanted multi-auth for users for my application vs users who only use the API. Different registration, login, database table, etc. I suffered the same issue and it was due to Passport::routes(). The routes used for Passport all have ['web', 'auth'] as middleware. So it's automatically looking for the application user.

Instead of calling Passport::routes(), I copied all the routes in RouteRegistrar and changed the middleware to ['web', 'auth:apiuser'].

auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'passport',
        'provider' => 'apiusers',
    ],
    'apiuser' => [
        'driver' => 'session',
        'provider' => 'apiusers',
    ],
],

I'm using Dingo for the API, Passport for handling the user registration. After this change above, my API users can log in and see the front end panel supplied natively by Passport using Vue. There they can create clients and personal tokens.

Hope this helps.

Edit: I should mention my API is on a subdomain: api.mysite.org
The api user registration/login is in the main domain: mysite.org/api
Paths for Passport are on the main domain: mysite.org/oauth

This was to avoid the pain in the butt that Dingo is regarding versioning when it comes to routing.
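
A sketch of the approach described in the comment above, as an added example that is not code from rbruhn or from the Passport project: the session-protected Passport routes registered by hand so they authenticate against the 'apiuser' guard instead of the default one. Assumptions: the code lives in AuthServiceProvider::boot() in place of Passport::routes(), and the paths and controller names match the RouteRegistrar of Passport releases that still provide Passport::routes(); check them against the installed version.

```php
<?php
// Assumed location: app/Providers/AuthServiceProvider.php, replacing Passport::routes().
namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Route;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // 'apiuser' is the session guard from the auth.php above. The default
        // registrar uses ['web', 'auth'], which resolves to the default guard.
        $guarded = ['web', 'auth:apiuser'];

        Route::group([
            'prefix' => 'oauth',
            'namespace' => '\Laravel\Passport\Http\Controllers',
        ], function () use ($guarded) {
            // Token issuance authenticates the OAuth client, not a session
            // user, so it stays outside the guarded group (no 'web', no CSRF).
            Route::post('/token', 'AccessTokenController@issueToken')
                ->middleware('throttle');

            Route::group(['middleware' => $guarded], function () {
                // Authorization prompt: show, approve, deny
                Route::get('/authorize', 'AuthorizationController@authorize');
                Route::post('/authorize', 'ApproveAuthorizationController@approve');
                Route::delete('/authorize', 'DenyAuthorizationController@deny');
                // Tokens issued to the signed-in user
                Route::get('/tokens', 'AuthorizedAccessTokenController@forUser');
                Route::delete('/tokens/{token_id}', 'AuthorizedAccessTokenController@destroy');
                Route::post('/token/refresh', 'TransientTokenController@refresh');
                // OAuth clients owned by the signed-in user
                Route::get('/clients', 'ClientController@forUser');
                Route::post('/clients', 'ClientController@store');
                Route::put('/clients/{client_id}', 'ClientController@update');
                Route::delete('/clients/{client_id}', 'ClientController@destroy');
                // Scopes and personal access tokens
                Route::get('/scopes', 'ScopeController@all');
                Route::get('/personal-access-tokens', 'PersonalAccessTokenController@forUser');
                Route::post('/personal-access-tokens', 'PersonalAccessTokenController@store');
                Route::delete('/personal-access-tokens/{token_id}', 'PersonalAccessTokenController@destroy');
            });
        });
    }
}
```

Only the session-guarded group changes guard here; the guard named in it decides which user provider may create clients and revoke tokens, so it should match the population that owns those tokens.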

cweiske commented 6 years ago

Same issue here. It's not possible for OAuth users to logout/destroy their token because curl -X DELETE ../oauth/tokens/123 returns 401 "Unauthenticated".

The issue is - as @rbruhn described - that the default guard is used for the api middleware instead of the api guard that lets oauth clients in. Replacing auth with auth:api fixed this problem.

driesvints commented 6 years ago

Heya. This is sort of related to https://github.com/laravel/passport/issues/379. Going to close this atm. In the meantime you'll have to target the correct domain.

Adam-78 commented 5 years ago

@rbruhn

Hi,

Can I ask where or which file did you copy the routes from RouteRegistrar to? Did you copy them into the boot method of the AuthServiceProvider? Can you provide a snippet of how you've re-written the routes?

Cheers.