tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

Token Not Provided #81

Closed mcblum closed 9 years ago

mcblum commented 9 years ago

Hello.

I've added the following header to all of my requests in Angular:

Authorization: Bearer eyJhbGciOiJI...

and I can see that it's working. On the Laravel side I'm using:

public function __construct()
{
    $this->middleware('jwt.auth');
}

No matter what I do I'm getting 400 bad request, token_not_provided. Any idea what might be going on?

Thank you for your work on this package. Matt

donald-slagle commented 9 years ago

I ran into the same issue. It turns out Apache removes the authorization header by default. (A little ridiculous in my opinion). Dropping the following in your .htaccess file in your public folder fixes the issue:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

mcblum commented 9 years ago

Thank you! I had it in my .htaccess file for the app root directory but not the public directory. That fixed everything. Great work on this!!!

donald-slagle commented 9 years ago

No problem. Glad that fixed it for you. I use Apache on my local dev environment and Nginx in production. Nginx does not remove the header so there is no need for extra configuration. This might be something nice to add to the installation wiki to prevent someone from running into the same issue.

tymondesigns commented 9 years ago

Glad you sorted it. I will be looking at the whole request parsing system soon, as I think it needs tightening up a bit.

Thanks

IvanKalinin commented 9 years ago

I added RewriteCond %{HTTP:Authorization} ^(.) RewriteRule . - [e=HTTP_AUTHORIZATION:%1] into my .htaccess in public, but token not provided still

csprocket777 commented 8 years ago

IvanKalinin, I think you're missing some asterisks

jsartisan commented 8 years ago

tried the answer by @donald-slagle. It worked ! Thanks a lot :)

lfaz commented 8 years ago

@donald-slagle saved my day :+1:

Hammad51 commented 8 years ago

RewriteCond %{HTTP:Authorization} ^(.) RewriteRule . - [e=HTTP_AUTHORIZATION:%1] put this into my project .htaccess but still "token_not_provided" :(

mcblum commented 8 years ago

@Hammad51 Did you put it in the .htaccess in your public directory?

Hammad51 commented 8 years ago

yes, i did.. here is my .htaccess

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUESTFILENAME} !-f
RewriteRule ^ index.php [L]
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]

mcblum commented 8 years ago

Try putting it as the first thing. I don't know if that will help, but that's how mine is and it works:

```
Options -MultiViews
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Fix authentication headers
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
```

Hammad51 commented 8 years ago

still {"error":"token_not_provided"}

mcblum commented 8 years ago

I'm 99% sure it's not a bug since I have this used in about 10 different Laravel apps, of all versions, and it works great. Did you check the request to make sure it includes the header when the browser makes it?

Hammad51 commented 8 years ago

This is my request header

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ms;q=0.6,ur;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:_ga=GA1.1.1250682879.1451633371
Host:localhost
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

mcblum commented 8 years ago

There's no auth in that request header.

mcblum commented 8 years ago

You'll need to add the Authorization: Bearer {{key}}

Hammad51 commented 8 years ago

have a look at my routes.php

$api->group([
    'version' => 'v1',
    'namespace' => 'App\Http\Controllers\api',
    'middleware' => 'jwt.auth',
], function($api){
    $api->get('users', ['uses' => 'UsersController@getUsers']);
    $api->get('/user/{id}', ['uses' => 'UsersController@getUser', 'as' => 'singleUser']);
    $api->post('/user', ['uses' => 'UsersController@saveUser', 'as' => 'saveUser']);
    $api->put('/user/{id}', ['uses' => 'UsersController@updateUser', 'as' => 'updateUser']);
    $api->delete('/user/{id}', ['uses' => 'UsersController@deleteUser', 'as' => 'deleteUser']);
});

mcblum commented 8 years ago

I don't think you understand how this works. Please re-read the tutorial. What you're looking for in your headers (in Postman or Chrome when actually testing) is the Authorization header:

Accept:application/json, text/plain, / Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.8,de;q=0.6,es;q=0.4,pt;q=0.2 Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjEsImlzcyI6Imh0dHBzOlwvXC93d3cubWF0dGJsdW1waG90b2dyYXBoeS5jb21cL2FwaVwvdjFcL2F1dGhlbnRpY2F0ZSIsImlhdCI6IjE0NTI3MDI3ODMiLCJleHAiOiIxNDU2MzAyNzgzIiwibmJmIjoiMTQ1MjcwMjc4MyIsImp0aSI6ImFlNzgxYjVhMTcwMTMxZmU3NmFlZTg4OWY4ZGY5NmVlIn0.H0XDsZATgFf3BmTnUh9f7yRVN0VpQLNrG35YqcQ7IPY Cache-Control:no-cache Connection:keep-alive Content-Length:817 Content-Type:application/json;charset=UTF-8

Hammad51 commented 8 years ago

hmm thank you for your kind response.. but i don't know how to include this into headers. i configured jwt with my lumen by following this tutorial but something is wrong with headers http://laravelista.com/json-web-token-authentication-for-lumen/

mcblum commented 8 years ago

Ok not to be a jerk, but then that's why it won't work. Learn how to do that and then it will work :)

Hammad51 commented 8 years ago

Thank you very much for your prompt replies, really appreciated. I'm going to take a look at jwt again.

mcblum commented 8 years ago

It's right there in the name: Javascript Web Token. You have to use JS to put the header in. We use Angular but any JS will work, you just have to learn how to do it for whichever framework you're using. Good luck.

Hammad51 commented 8 years ago

Hello again, i get it working.. i'm sending my generated token to get response from protected routes but all i get in response is { "error": "user_not_found" } This is how i'm generating token $user = Auth::user(); return $token = JWTAuth::fromUser($user); any thoughts why i'm getting this? I'm sorry, i'm new to JWT

fillit commented 8 years ago

Hi there

I am struggling with the same error token_not_provided when calling a request through Postman. My .htaccess file is:

RewriteEngine On

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

Looking at dev tools I can see I am passing through the Authorisation Bearer: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MSIsImlzcyI6Imh0dHA6XC9cL2RldmFwaS5maWxsaXQuY28uemFcL3YxXC9hdXRoZW50aWNhdGUiLCJpYXQiOiIxNDUyOTM2MTg0IiwiZXhwIjoiMTQ1MzAyMjU4NCIsIm5iZiI6IjE0NTI5MzYxODQiLCJqdGkiOiI0NzkwOTc4MTExODVhYzZjZGNlNTM4ZTFhYjk4NWU1ZiJ9.8nQ8Jy9wtObjYY7eAKzPplisJhcYQvT8vKaG_tROo14

My API is on a subdomain, could that have something to do with it?

Thanks

mcblum commented 8 years ago

@fillit What is this?

RewriteCond %{REQUEST_URI} !^public RewriteRule ^(.*)$ public/$1 [L]

mcblum commented 8 years ago

@Hammad51 How are you instantiating that Auth object? If you do Log::info(Auth::user()) what do you get?

fillit commented 8 years ago

@mcblum the api is a subdomain i.e. api.subdomain.com. This code: RewriteCond %{REQUEST_URI} !^public RewriteRule ^(.*)$ public/$1 [L]

is to be able to access the subdomain.

Do you know of an alternate method for this?

Hammad51 commented 8 years ago

@mcblum i get authenticated user by Auth::user(); then i generate my token by following the docs https://github.com/tymondesigns/jwt-auth/wiki/Creating-Tokens#creating-a-token-based-on-a-user-object

$user = Auth::user();
return $token = JWTAuth::fromUser($user);

i'm using lumen 5.2

isometriq commented 8 years ago

Nice fix, saved me too! BTW it appears that this fix is not needed with "artisan serve", likely related to an earlier apache version.

isometriq commented 8 years ago

@fillit change this: RewriteCond %{HTTP:Authorization} ^(.) RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

for this: RewriteCond %{HTTP:Authorization} ^(.) RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

(asterisks "*" are missing, regex stuff)

isometriq commented 8 years ago

Seems to be a config thing https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth

it's in the docs too https://github.com/tymondesigns/jwt-auth/wiki/Authentication

tdhsmith commented 8 years ago

@Hammad51 - The stable releases of jwt-auth don't yet support Lumen 5.2. It first started getting fixed on the dev branch a couple days ago. You can see #384 & #376 for details.

@isometriq - I think the asterisks were in @fillit's original code, but they got removed by GitHub's markdown parsing. (Yours are missing too and both of you have italics in your messages.) You can escape them with backslashes \*, or use code blocks with tick marks ```:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

@fillit - Which version of jwt-auth are you on? And Laravel/Lumen? Can you tell if the token is making it to Laravel or not? (e.g. print out Request::header('Authorization'))

There's a good overview of debugging basic Apache/Laravel authorization header problems in this StackOverflow thread.
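
Added example (not part of any comment in this thread, and not jwt-auth code): a small check of what a `.htaccess` file would place in `HTTP_AUTHORIZATION`, showing why the rule without asterisks passes only the first character of the header. The function names and sample files are constructed, and Python's `re` is assumed to be a close enough stand-in for Apache's regex matching on these patterns.

```python
import re

# RewriteCond %{HTTP:Authorization} <pattern>
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP:Authorization\}\s+(\S+)", re.I)
# RewriteRule <pattern> - [... E=HTTP_AUTHORIZATION:%N ...]
RULE = re.compile(
    r"^\s*RewriteRule\s+\S+\s+-\s+\[(?:[^\]]*,)?\s*E=HTTP_AUTHORIZATION:%(\d)", re.I)
# The CGIPassAuth directive linked in the thread also exposes the header.
CGIPASSAUTH = re.compile(r"^\s*CGIPassAuth\s+On\s*$", re.I)


def forwarded_value(htaccess, header):
    """Value a script would see in HTTP_AUTHORIZATION, or None if not forwarded.

    Simplification: only a RewriteCond directly followed by its RewriteRule
    is recognised, and Python's `re` stands in for Apache's regex engine.
    """
    lines = [ln for ln in htaccess.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    for i, line in enumerate(lines):
        if CGIPASSAUTH.match(line):
            return header
        cond = COND.match(line)
        rule = RULE.match(lines[i + 1]) if cond and i + 1 < len(lines) else None
        if not rule:
            continue
        try:
            hit = re.search(cond.group(1), header)
        except re.error:
            continue  # pattern this sketch cannot evaluate
        group = int(rule.group(1))
        if hit and group <= hit.re.groups:
            return hit.group(group)  # what %N expands to
    return None


def diagnose(htaccess, header="Bearer aaa.bbb.ccc"):
    """Classify a .htaccess body as ok / truncated / missing for a sample header."""
    value = forwarded_value(htaccess, header)
    if value is None:
        return "missing: nothing forwards the Authorization header"
    if value != header:
        return "truncated: script would see %r" % value
    return "ok"


# Constructed samples modelled on the files posted in this thread.
WORKING = """RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
"""
NO_ASTERISKS = WORKING.replace("*", "")  # the rule as the markdown parser rendered it
FRONT_CONTROLLER_ONLY = "\n".join(WORKING.splitlines()[:1] + WORKING.splitlines()[3:])

if __name__ == "__main__":
    for name in ("WORKING", "NO_ASTERISKS", "FRONT_CONTROLLER_ONLY"):
        print(name, "->", diagnose(globals()[name]))
```
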

isometriq commented 8 years ago

@tdhsmith oops, you're damn right

fillit commented 8 years ago

@tdhsmith I found my issue - I wasn't updating the /public/.htaccess file as well (what an idiot!!!)

Thanks!

thabungm commented 8 years ago

@mcblum Here is my header at client side

```
Accept:application/json, text/plain, /
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Authorization:Bearer yJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjE1LCJpc3MiOiJodHRwOlwvXC9zZXJ2ZWFzZW1lLmxvY2FsXC9pbmRleC5waHBcL2FwaVwvYXV0aGVudGljYXRlIiwiaWF0IjoxNDU0MzE1NDAyLCJleHAiOjE0NTQzMTkwMDIsIm5iZiI6MTQ1NDMxNTQwMiwianRpIjoiNTU2MzYzMmRjNjVkODE0NDE3ZDRkNDdhMjYxMDRiZGIifQ.Qyzsj0ragMvFiDhZpqN4WJOyuQXZvWYF9pWV6Bsafsc
Connection:keep-alive
Host:my.local
Origin:http://localhost
```

Here's my .htaccess Still I am getting {"error":"token_not_provided"}

```
<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

RewriteEngine On

# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Fix authentication headers
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
```

What could be the problem?

TomSta commented 8 years ago

Same thing happened to me... on Safari, using Laravel as I wanted to return redirect to different's controller action, looks like Safari loses auth header when getting redirected. returning view directly helped so...

this didn't work (just on safari): redirect()->action('UiController@showLoggedIn')

this works though: return view('php.showLoggedIn')

bahman2216 commented 7 years ago

Same error. I'm using version ^1.0@dev I did all works but: Token not provided

milosb793 commented 7 years ago

I can't get token: {"error":"token_not_provided"} when trying to authenticate...

denisexavier commented 6 years ago

I followed the step by @donald-slagle and it worked. I've restarted my server as well. Thanks @donald-slagle

Alishoaib commented 6 years ago

I have tried all solutions mentioned here but it doesn't work for me. I am stuck in this issue, please check out my code if anybody can help me. My public/htaccess

Options -MultiViews
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

my route is Route::get('customers','CustomerController@index');

My response header is Access-Control-Allow-Headers: Origin, Content-Type, x-xsrf-token Access-Control-Allow-Origin: http://localhost:4200 Cache-Control: no-cache, private Connection: close Content-Type: application/json Date: Tue, 05 Jun 2018 18:46:29 GMT Date: Tue, 05 Jun 2018 18:46:29 +0000 Host: localhost:8000 Set-Cookie: XSRF-TOKEN=eyJpdiI6ImtuOGpcL05xRGZDU1ZqcVA1dCs1a1VRPT0iLCJ2YWx1ZSI6Ikh2RFRveDFNZFwvbm1NcDBpaWJzd2tIazNOR1g3b2ZPVVRpbEhWTG9VN1ZCUzRnUmxkY2czRXR4a1ZJUE9oTjk0RkhleHhcL0phNDRCM1k0RFkyM1FHemc9PSIsIm1hYyI6ImM4OTJjZjEwMThhYjBlOTIyZjA0YTZlMjRmZWU1NzE2NzdjOTBjYTMwN2FiNDc1ZDlhMWZlZjBlNzE4MmVjZmMifQ%3D%3D; expires=Tue, 05-Jun-2018 20:46:29 GMT; Max-Age=7200; path=/ Set-Cookie: laravel_session=eyJpdiI6ImZ4ZVZkbWJYZTg3TXp6WDZKVlZqQUE9PSIsInZhbHVlIjoiODhSelVTTHBCMkljRG0xVjR1TE11RXRnNUxNOG1LblFrUXdBamVsYnpRVjJteWxQbkpJXC92QldBVTFOQlV0clA5RlwveGtFMmQrVDdZK1lXUzRTa3MyQT09IiwibWFjIjoiM2VhZmVmNTAzYjBmYTlkNGUzYWY5YmQ3M2UzZDgxZjhkNjNlMzYyYzQ1MmZlZDljZGRmOGE0NzI2ZmVlMjMxMSJ9; expires=Tue, 05-Jun-2018 20:46:29 GMT; Max-Age=7200; path=/; HttpOnly Transfer-Encoding: chunked X-Powered-By: PHP/7.2.1

my request header is

Accept: application/json, text/plain, /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:8000
Origin: http://localhost:4200
Referer: http://localhost:4200/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

Response : {"error":"token_not_provided"}

dev4ndy commented 6 years ago

Hi, I have the same problem as {'error': 'token_not_provided'}. I'm using Laravel 5.6 with "tymon / jwt-auth": "^ 0.5.12", everything worked fine on my localhost, but when I uploaded it to the hosting now I get the error mentioned above. In the headers I am sending the token, and I already change the .htaccess as indicated in this thread, but even so it does not work for me. Here are the headlines:

```
Response Headers

Access-Control-Allow-Origin: https://www.********.com
Access-Control-Expose-Headers: Authorization
Cache-Control: no-cache, private
Connection: close
Content-Type: application/json
Date: Sat, 21 Jul 2018 03:20:18 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Origin
X-Powered-By: PHP/7.2.7
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58

Request headers

Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: es-CO,en-US;q=0.7,en;q=0.3
Access-Control-Allow-Headers: Origin, X-Requested-With, Cont…t-Type, Accept, Authorization
Authorization: Bearer eyJ0.......
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Host: **.com
Origin: https://www.**********.com
Pragma: no-cache
Referer: https://www.********.com/FrontAppDomicilio/
User-Agent: Mozilla/5.0 (X11; Linux x86_64…) Gecko/20100101 Firefox/61.0
```

Another thing I'm using a subdomain

Alishoaib commented 6 years ago

send me code of ur core.php file


dev4ndy commented 6 years ago

Hello @Alishoaib , thanks for reply. But in my project I do not have that file.

Alishoaib commented 6 years ago

Are you working on RESTful services in Laravel?


dev4ndy commented 6 years ago

@Alishoaib It could be said that yes although I only work with the GET and POST methods. I also work only with API routes. I have solved for now, although I do not like it at all. What I did was send the token as a parameter, and now if I take it. But it is not a solution with which you are satisfied.

victorighalo commented 5 years ago

RewriteCond %{HTTP:Authorization} ^(.) RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

This worked for my own case. I had to enter the token as a query string.

1236897 commented 5 years ago

deploy the app in apache24 and added config as below in .htaccess file, but not work, should I add any something in apache24 ?

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]