search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.32k stars 1.54k forks source link

the respond Always 401 "Unauthorized" #1740

Open baderAmmoun opened 5 years ago

baderAmmoun commented 5 years ago

Subject of the issue

Describe your issue here.

I followed all the configuration in the documentation but always I get the same respond from the server even I send a valid credentials

LastxTemplar commented 5 years ago

Give us more information about your issue. How do you make the call, how does your controller look like, etc. What you described here is not enough to help you with anything.

baderAmmoun commented 5 years ago

my call on the postman : http://127.0.0.1:8000/auth/login the body is: { "email":"baderfull@hotmail.com", "password":"1234" } the rout as following: Route::group([

'middleware' => 'api',
'prefix' => 'auth'

], function ($router) {

Route::post('login', 'AuthController@login');
Route::post('logout', 'AuthController@logout');
Route::post('refresh', 'AuthController@refresh');
Route::post('me', 'AuthController@me');

});

and the controller :

class AuthController extends Controller {

public function __construct()
{
    $this->middleware('auth:api', ['except' => ['login']]);
}

/**
 * Get a JWT via given credentials.
 *
 * @return \Illuminate\Http\JsonResponse
 */
public function login()
{
    $credentials = request(['email', 'password']);

    if (! $token = auth()->attempt($credentials)) {
        return response()->json(['error' => 'Unauthorized'], 401);
    }

    return $this->respondWithToken($token);
}

/**
 * Get the authenticated User.
 *
 * @return \Illuminate\Http\JsonResponse
 */
public function me()
{
    return response()->json(auth()->user());
}

/**
 * Log the user out (Invalidate the token).
 *
 * @return \Illuminate\Http\JsonResponse
 */
public function logout()
{
    auth()->logout();

    return response()->json(['message' => 'Successfully logged out']);
}

/**
 * Refresh a token.
 *
 * @return \Illuminate\Http\JsonResponse
 */
public function refresh()
{
    return $this->respondWithToken(auth()->refresh());
}

/**
 * Get the token array structure.
 *
 * @param  string $token
 *
 * @return \Illuminate\Http\JsonResponse
 */
protected function respondWithToken($token)
{
    return response()->json([
        'access_token' => $token,
        'token_type' => 'bearer',
        'expires_in' => auth()->factory()->getTTL() * 60
    ]);
}

}

and I implement JWTSubject interface on user model

LastxTemplar commented 5 years ago

Try to change your login function to use guard() instead of auth(). I had a lot of trouble making this work, but in the end, this solution worked for me:

if (! $token = $this->guard()->attempt($credentials)) {
    return response()->json(['errors' => 'These credentials do not match our records.'], 401);
}
LastxTemplar commented 5 years ago

If that works, change all instances of auth() to $this->guard() in your code.

baderAmmoun commented 5 years ago

I tried like this but the method does not exist

baderAmmoun commented 5 years ago

I''m thinking that the problem with hashing password But I don''t know how can I fix it

StudiosKelemy commented 5 years ago

Hi, all about this are not a problem with password hashing or guard or also token. It's about EXCEPTION ERROR HANDLER : You must put this in your laravel hander.php exception :

StudiosKelemy commented 5 years ago

// exception for UnauthorizedHttpException if ($exception instanceof UnauthorizedHttpException) { return response()->json([ "error" => "not authorized" ], 401); }

    // exception for TokenBlacklistedException
    if ($exception instanceof TokenBlacklistedException) {
        return response()->json([
            "error" => "token blacklisted"
        ], 401);
    }
commentatorboy commented 5 years ago

Try and take a look at my repo. I have successfully created a Test driven development environment with laravel 5.8 and jwt. Try and take a look inside app/User.php and app/AuthController.php and other related things. https://github.com/commentatorboy/testttdlaravel/commit/69aad299eac458a873e04d56a18a399e8a85992e

I can say that I DID NOT use the solutions mentioned in this issue.

imjad commented 4 years ago

just converter format password

ex 'password' => bcrypt($request->password),

stale[bot] commented 3 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

mateusberlitz commented 3 years ago

What occured to me, was solved by @imjad answer,

Actually, the solution of the problem is that the auth() method expects encrypted passwords to be saved in your database. So, save yours passwords like this: bcrypt($request->password).

Abdumalik2022 commented 2 years ago

if you use postman just change Content-Type: application/json to Content-Type: application/x-www-form-urlencoded