Open caposaric opened 7 years ago
Try JWTAuth::setRequest($request)->getToken()
where $request
is the Request object.
You can also use the Request facade to check if the Authorization header exists in Laravel.
You may have to adjust your .htaccess file to allow the Authorization header through
Dang same issue here... I see Authorization in the headers, and I can pull it to a variable, then set the token manually...
`$token = JWTAuth::getToken();
echo 'token: ' . $token; //no token
JWTAuth::setRequest($request);
echo 'token: ' . $token; //no token
$header_token = $request->header('Authorization');
$form_token = $request->token;
JWTAuth::setToken($header_token);
$token = JWTAuth::getToken();
echo 'token: ' . $token; //works for both header and form;
as far as getting JWTAuth working I see a call to 'starts_with' in jwtAuth parseAuthHeader... I don't see that function available. Also I notice the string 'bearer' must be included in the header somehow.
also in parseToken i see $this->request->query($query, false)
which returns false. I need to use $request->token
I am using laravel5.4
Update .... after 3 hours
added 'Bearer ' in via js and the headers are now being read.
request.setRequestHeader("Authorization", 'Bearer ' + localStorage.getItem('jwt-token'));
having same problem
using nginx
For the record, I ended up using jwt-auth development branch and setting up JWTGuard, as suggested in #860. The guide is written for Laravel 5.3, but worked well with 5.4. Now I'm able to use Authorization header and Laravel's Auth facade to access current authenticated user.
public static function isUserAuthorized(Request $request): bool
{
static $isUserAuthorized = null;
static $requestHash = null;
$requestHash = $requestHash ?? spl_object_hash($request);
$authProcess = function(Request $request) {
try {
JWTAuth::setRequest($request)->parseToken();
} catch (\Throwable $e) {
return false;
}
try {
$token = JWTAuth::getToken();
if (false === $token) {
return false;
}
$user = JWTAuth::authenticate($token);
if (false === $user) {
return false;
}
} catch (TokenExpiredException $e) {
try {
$token = JWTAuth::refresh();
static::$newToken = $token;
} catch (TokenExpiredException $e) {
return false;
}
} catch (\Throwable $e) {
return false;
}
return true;
};
if($requestHash !== spl_object_hash($request)) {
$isUserAuthorized = $authProcess($request);
} elseif(is_null($isUserAuthorized)) {
$isUserAuthorized = $authProcess($request);
}
return $isUserAuthorized;
}
The key moment in this solution is
JWTAuth::setRequest($request)->parseToken();
Now you've got the token from the header of the given request
$token = JWTAuth::getToken();
Be sure .htaccess has authorization header configured . The below worked for me in Lumen 7
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
I'm using
jwt.auth
as middleware for some API routes. However, I can't get it to work by passing the token on the Authorization header.Adding the token via JSON for POST requests or via URL for GET requests gets me past authentication, but Authorization header is just not working. Has anyone gone through this before?
I've tested this with Postman/RequestBin, Alamofire on my iOS app, returning the request as the response, and the header is always sent correctly, just being ignored by Laravel.
Also, once authenticated, I'm unable to get the current user by calling
Auth::user()
, which would be the expected behavior. I suspect this happens because of the same Authorization header issue, but I'm not quite sure about this.I've been using
JWTAuth::parseToken()->authenticate()
as a workaround, but I know this shouldn't be necessary as the user is supposed to be already authenticated and available via the Auth facade since its already past the middleware.By the way, I'm working on Homestead with default settings (nginx), Laravel 5.4.