search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.3k stars 1.54k forks source link

401 unauthorized after copy full laravel to other server #2123

Open Amadorval75 opened 3 years ago

Amadorval75 commented 3 years ago

I have a working api (Laravel) with jwt authentication. Then when I have copied my API to another server, suddenly 401 error appears in all calls to the api.

login is working correctly and i get my token, but when i call any other api url with this token I always get the 401 Unauthorized error.

heimer16 commented 3 years ago

I'm getting a similar issue after setting up the site locally for development. I'm using postman to test the api routes. Everything works when pointing to live site, but just changing the url to local dev site, login works, gets token in response, but accessing any other routes with that token returns 401 unauthorized.

I tried generating a new secret key. Is there anything else server-specific that would need to be cleared/refreshed?

impl-kano commented 3 years ago

https://github.com/tymondesigns/jwt-auth/blob/ab00f2d7cce5f043067aef7849cdc792de2df635/src/Claims/Factory.php#L120

I guess sometimes this url() helper function indicates the wrong url based on your server setup...like redirecting from load balancer to an api server.

Is there any solution for this?

s1022027 commented 2 years ago

I had encountered this problem recently. Works fine locally, but after uploading to server everything changes, only login or some other routes which didn't need the bearer token work. Anyway, after doing some researches I found the reason is Apache. Apache doesn't "have HTTP_AUTHORIZATION" which JWT NEEDS!! You can phpinfo(); to look at the "PHP Variables", you can't find HTTP_AUTHORIZATION

my solution is Step.1 Switch to PHP FastCGI How to install php fastCGI? (I am using Debian 11 with php8.1 ) https://www.linuxcapable.com/how-to-install-php-8-1-on-debian-11-bullseye/ If it is successful, phpinfo(); Server API will switch to FPM/FastCGI

Step.2 Make sure you have these lines in your public folder .htaccess file I am using Lumen framework so it was build-on already.

# Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
prozec60300 commented 10 months ago

I had encountered this problem recently. Works fine locally, but after uploading to server everything changes, only login or some other routes which didn't need the bearer token work. Anyway, after doing some researches I found the reason is Apache. Apache doesn't "have HTTP_AUTHORIZATION" which JWT NEEDS!! You can phpinfo(); to look at the "PHP Variables", you can't find HTTP_AUTHORIZATION

my solution is Step.1 Switch to PHP FastCGI How to install php fastCGI? (I am using Debian 11 with php8.1 ) https://www.linuxcapable.com/how-to-install-php-8-1-on-debian-11-bullseye/ If it is successful, phpinfo(); Server API will switch to FPM/FastCGI

Step.2 Make sure you have these lines in your public folder .htaccess file I am using Lumen framework so it was build-on already.

# Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

This worked for me. Thanks for sharing @s1022027