search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.29k stars 1.54k forks source link

Possible Issue with Laravel "Quick start" documentation #2055

Open ampedweb opened 3 years ago

ampedweb commented 3 years ago

Subject of the issue

I've been having problems with getting a token to reliably refresh in my Nuxt PWA application I'm writing.

I believe it's possibly down to the documentation here:

https://jwt-auth.readthedocs.io/en/develop/quick-start/#add-some-basic-authentication-routes

Route::group([

    'middleware' => 'api',
    'prefix' => 'auth'

], function ($router) {

    Route::post('login', 'AuthController@login');
    Route::post('logout', 'AuthController@logout');
    Route::post('refresh', 'AuthController@refresh');
    Route::post('me', 'AuthController@me');

});

I believe the above should be something more like:

Route::group([

   'middleware' => ['api', 'auth:api'],
   'prefix' => 'auth'

], function ($router) {

    Route::post('login', 'AuthController@login')->withoutMiddleware(['auth:api']);
    Route::post('logout', 'AuthController@logout');
    Route::post('refresh', 'AuthController@refresh')->withoutMiddleware(['auth:api']);
    Route::get('me', 'AuthController@me');

});

Note the added middleware exclusions, mainly on the refresh route.

(This is my code and appears to fix my issue, feel free to make it more generic).

Perfectly happy to accept I'm missing something but thought this might help others down the line if the Docs are indeed off! :-)

Thanks!

Your environment

Q A
Bug? yes
New Feature? no
Framework Laravel
Framework version 8.13.0
Package version 1.0.1
PHP version 7.4.5

Steps to reproduce

Follow the quick start documentation then try using the Laravel JWT provider on this Nuxt module here: https://dev.auth.nuxtjs.org/providers/laravel-jwt (The suggested routes for Laravel were only recently added it seems, which is how I just fixed my issue)

Expected behaviour

My token should be reissued if a refresh has been requested within the specified time frame of 2 weeks

Actual behaviour

I get a 401 unauthorised response from the Laravel API

abhishekdeshkar commented 3 years ago

I'm also facing the same problem. Don't know what could be the possible issue.

abhishekdeshkar commented 3 years ago

Also they haven't updated the document since long time.

sakuriki commented 3 years ago

There is a contruct in AuthController on the docs if you scroll down a little

   /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }