Closed lucassmuller closed 5 years ago
the same issue is there any solutions !!?
Unfortunately, no. I still having this problem.
I have the same problem. On a fresh installation.
If you are in Apache server, I guess this should help you as it works on mine : Just add these lines on your .htaccess file :
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
as stated in this thread.
Hope that helps.
Can anyone help me with the nginx configuration?
Something to do with:
fastcgi_param HTTP_AUTHORIZATION $http_authorization;
in the fastcgi_params global or nginx.conf file to pass the auth. See more here:
https://stackoverflow.com/questions/46345676/rewrite-htaccess-to-nginx-with-http-authorization?rq=1
I'm using Laravel 5.6, this is my .htaccess file
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# RewriteCond %{HTTP:Authorization} ^(.*)
# RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Still has same problem
same here. Laravel 5.6 Literally tried every fix.
@wqj97 did you get a solution?
@MitchMilton Yeah, I typed wrong token😂....
I'm having the same issue, with the same version of Laravel (5.6). Any ideas?
I'm having the same issue with Laravel 5.6, Homestead 7.6m and nginx. Has someone figured out a solution?
Unfortunately I did not find any solution and I left the thread but I will keep it open in case of any solution.
I have same problem
For me, I found that I had typed 'user' instead of 'users' for the provider in config/auth.php . Your guards seem to be ok though.
tried so many fixes for laravel 5.6 but not working. anyone solved this yet?
What is the actual error being thrown? People have mentioned they are getting 401's but is there any specific error message you are receiving as well? This would help narrow down the problem.
Same problem. But Im observable this happened app inside docker. The same laravel app, in same server but ousite directory, works fine. Who knows?
same problem
Same problem here, also on Laravel 5.6, valet, nginx
Checked my token at jwt.io, it's a valid token but the authentication fails at this line. https://github.com/lcobucci/jwt/blob/3.3/src/Parser.php#L94 Token expected containing 3 dots (parts) but the token contains 6 parts
Same Issue here with Laravel 5.6 and nginx with Docker. I tried this because it was the official package but I guess I will end on tymon/jwt-auth
Really no solution for this problem? I am in the same situation.
Upgrading to the lastest version of Laravel (clean project) fixed my problem.
https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
Cookie Serialization Laravel 5.6.30 disables all serialization / unserialization of cookie values. Since all Laravel cookies are encrypted and signed, cookie values are typically considered safe from client tampering. However, if your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitary class methods within your application.
Disabling serialization on all cookie values will invalidate all of your application's sessions and users will need to log into the application again. In addition, any other encrypted cookies your application is setting will have invalid values. For this reason, you may wish to add additional logic to your application to validate that your custom cookie values match an expected list of values you expect; otherwise, you should discard them.
Configuring Cookie Serialization Since this vulnerability is not able to be exploited without access to your application's encryption key, we have chosen to provide a way to re-enable encrypted cookie serialization while you make your application compatible with these changes. To enable / disable cookie serialization, you may change the static serialize property of the App\Http\Middleware\EncryptCookies middleware:
/**
Hi all, I had this problem too. It happened to me after I updated laravel to 5.6.33 and passport, the problem was that I had an old cookie in my browser.
Removed the old cookie, logged in again and it works like a charm.
After last update to laravel 5.6.33 I'm receiving always 401 Unauthorized
error.
Before this update everything was working.
I'm trying to use my API through axios with CreateFreshApiToken
middleware.
I followed step by step guide from laravel doc to consume my api from javascript.
Login process works, but from authenticated web page ajax calls with axios receives always 401.
I deleted all cookies, but nothing.
Hi @ilvalerione try clearing caches in laravel with: php artisan cache:clear php artisan view:clear
Hello @nadj I forgot this option.
I tried just now also re-deleting all cookies from Chrome but it's still not working.
@ilvalerione check my comment above.
Oooh wow! It's working now!
I'm not a passport package expert, but If passport does not work without cookie serialization it could be necessary to include this configuration in the official passport doc.
In the meantime @a1tem @nadj really thanks for your support!
Thanks, @a1tem
Adding
/**
/* Indicates if cookies should be serialized.
/*
/* @var bool
*/
protected static $serialize = true;
in Http/Middleware/EncryptCookies.php
fixed it for me.
If you changed your users id type publish passport migrations and update them with the new column type. #806
Thanks @a1tem , adding serialize = true fixed it for me.
Hello. I have faced the problem too and I will try to solve with @a1tem 's solution tonight.
However, there is a news about Malicious on serialize() and unserialize(). Is it connected to the function on this?
@a1tem 's solution for me didn't work. Laravel 5.6.33, Passport 7.0. I am trying to access via REST API software.
Hello,
If anyone is getting unauthenticated error when accessing API via JavaScript (axios, jQuery etc.) using laravel_token cookie then here is the solution.
Normally, JWT::decode method throws an exception which says 'Malformed UTF-8 Characters' when the static variable $unserializesCookies is false (default value).
Passport class has a static method called 'withCookieSerialization'.
So, in boot method of your AuthServiceProvider class you should call Passport::withCookieSerialization();
Regards.
Hello, i am facing same problem here i'm doing to access user profile details after logout and there is expired authrization token but hit the api i'm getting html response and im not handling error where i can send customize error and message to android developer.
I'm getting the same problem with Laravel 5.6. Tried the $serialize = true
option but that made no difference. I can pass the token in the URL ?token=<token>
and that works fine, but if I try and pass it as a Bearer in the authorization header I continually get token required
errors. I have tried moving my Laravel app to apache but that also made no difference. I have also modified the .htaccess file in my public directory and again nothing. I'm out of ideas.
Hello,
If anyone is getting unauthenticated error when accessing API via JavaScript (axios, jQuery etc.) using laravel_token cookie then here is the solution.
Normally, JWT::decode method throws an exception which says 'Malformed UTF-8 Characters' when the static variable $unserializesCookies is false (default value).
Passport class has a static method called 'withCookieSerialization'.
So, in boot method of your AuthServiceProvider class you should call Passport::withCookieSerialization();
Regards.
Unauthenticated or Unauthorized?
Hi I went through the whole post, I am facing same issue with following config "laravel/framework": "5.6.30", "laravel/passport": "7.0",
@a1tem I followed what you suggested, no success same response "Unauthenticated" my post https://stackoverflow.com/questions/52496543/laravel-5-6-passport-unauthenticated
public function __construct() { $this->middleware('auth'); }
/**
Setting serialize=true worked for me. thanks @a1tem
Refering to the update docs setting serialize = true is not the best way.
https://laravel.com/docs/5.6/upgrade
You should instead use Passport with the withoutCookieSerialization() flag in AuthServiceProvider.
Hey everyone,
Like @a1tem said, there have been some changes to cookie serialization so make sure to clear caches and refresh your cookies to solve some of the problems.
Like @muhci said, there is support for disabling cookie serialization but it's undocumented. I'll send in a PR to the docs to document this config.
As for the server config issues with Apache & nginx: we cannot offer guidelines for every single situation. There have been issues about several situations int he past, please refer to the issue tracker for them for solutions or use one of the support channels for questions about them (Laracasts, Laravel.io, etc).
Please always make sure you're using the latest Laravel and Passport version.
As there have been much different issues in this thread, it's difficult to manage all of them here in one place. If you're experiencing a bug with something, feel free to first search if your problem has been reported before in the issue tracker and if not to create a separate issue with a detailed description of your problem.
Please refer to above answers to see if anything solves your problem.
Thanks for everyone who responded to this thread with answers and offering help. Much appreciated!
i am still getting the same error using Insomnia app to get the user data with 'Accept': 'application/json' and 'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciO....' (and this token was just created seconds ago) what i tried so far:
composer update
RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
protected static $serialize = true;
none of those worked for me
It turn out i am getting this error, because i am not using Postman the right way, lol! it should be with the Auth tab and i have been trying to do it with the Form tab.... silly mistake!
did any one has fixed this issue ?
Maybe some of the steps can help someone.. Please let me know if I did something wrong/insecure, I'm learning too.
I have two separate projects in my Homestead
I will not describe here what is already in the Laravel docs (Passport), just highlight the minimum I had to do to get authentication working, so please take a look at the docs for details.
composer install
php artisan migrate
php artisan passport:install
Laravel\Passport\HasApiTokens
trait to your App\User
model.config/auth.php
configuration file, change the api driver to passport
.Laravel\Passport\Passport::withCookieSerialization();
in the boot
method.AuthServiceProvider.php
add Laravel\Passport\Passport::personalAccessClientId('1');
in the boot
method. Where "1" is the ID(pk) of the oauth_client
table. The passport:install command generated the record so this ID represent your VueJs Application. Make sure to get the ID of the "Personal Access Client".Create a dedicated LoginController (you can make it different according to your needs)
routes/api.php
Route::post('login', '\App\Http\Controllers\Auth\LoginController');
LoginController.php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Features\UserModel;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller
{
public function __invoke(Request $request)
{
if(Auth::attempt(['email' => $request->email, 'password' => $request->password])){
$user = Auth::user();
$success['token'] = $user->createToken('access_token')->accessToken;
return response()->json([
'data' => $success
], 200);
} else {
return response()->json([
'data' => 'API: Unauthorized Access'
], 401);
}
}
}
/src/main.js
window.axios = require('axios')
window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'
window.axios.defaults.headers.common['Content-Type'] = 'application/json'
window.axios.defaults.baseURL = (process.env.NODE_ENV !== 'production') ? 'http://api.company.test/api/' : 'http://api.company.test/api/'
Vue.prototype.$http = window.axios
Create a vue route for your login page and make a login form. Here's the script part of the Login.vue
component
/src/views/Login.vue
<template></template>
<script>
export default {
data() {
return {
form: {
email: 'user@example.org',
password: 'secret',
remember: false
}
}
},
methods: {
login() {
this.$http.post('login', this.form)
.then((response) => {
let token = response.data.data.token
// Store the token in Vuex or Cookie.. or another secure location
// so you can retrieve it and attach again to the axios default headers
// in case user hit F5 or close the browser.
// this.saveTheToken(token)
this.$http.defaults.headers.common['Authorization'] = 'Bearer ' + token
this.$router.push('/dashboard')
})
.catch((err) => {
// email or password incorrect
console.error(err)
})
}
}
}
<script>
/src/views/Dashboard.vue
<template></template>
<script>
export default {
created() {
// api.company.test/api/dashboard (protected route with auth:api middleware)
// This request should have the Authorization header with the Baerer token attached to it
this.$http.get('dashboard')
.then(response => {
// Should work
console.log(response)
})
}
}
<script>
Please forgive any grammar error (English is not my native language)
@ezp127 do you find solution for above problem?
I'm using Laravel with Passport to secure my API with OAuth. Although, after using a authorized token got with PostMan tool, in all my request using the Passport middleware i'm getting 401. I installed Laravel twice and looked all around the Internet without success and followed this page for installation: click here. There is some of my codes:
The route i'm trying to access:
The auth guard:
And I'm using this header in my requests: