search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.3k stars 1.54k forks source link

Exclude url from token #1259

Open wassimhattab opened 7 years ago

wassimhattab commented 7 years ago

Hello,

I'm using jwt in laravel and trying to submit reset password form where i don't have a token yet to send it.. i added the url in the verifycsrftoken in the middleware like this:

protected $except = [
        '/api/register',
        '/api/reset',
    ];

and still not working giving me : JWTException A token is required

Any help? Thank you

spirant commented 7 years ago

Hi @wassimhattab

It looks like you may be confusing CSRF tokens and JWT tokens. They are entirely unrelated. You need to ensure the route which resets passwords is not protected by the JWT middleware. You may well have nested the /api/reset route in a route group?

Route::group(array('prefix' => 'api', 'middleware' => ['jwt.auth', 'throttle:240,1']), function () {
    // Your routes are in here and protected by the JWT auth middleware

    // Guess at your possible route - it should not be in the same group as the other standard api routes which need JWT token protection
    Route::post('reset', 'ResetController@reset');
});

If you post your routes file it will be more clear what you have done...