

API Calls failing in browser but not in Postman / Terminal

Hi All,

I am working on a Laravel 5.2 API that exposes some endpoints. I use JWT (tymondesigns') for auth and use one-time tokens (so I refresh the token after every call).

For the moment I have these endpoints:

  • /authenticate (POST) where you send username & pass and receive a token in return if correct.
  • /profile/{uuid} (GET) where you send the UUID (this was part of the body that was returned after successful auth) and the JWT token as an Authorization header (Bearer my_token_here)

When testing this via Postman and cURL (from terminal) all is working perfectly.

When doing the same from my browser, the GET request always fails.

Here is the code for my middleware that seems to fail when the GET request comes in

        if (($token = JWTAuth::getToken()) && ($token = JWTAuth::refresh($token))
            && ($uuid = JWTAuth::getPayload($token)->get('sub'))) {
            $request->request->add(['uuid' => $uuid]);
            $request->request->add(['new_token' => $token]);
            return $next($request);
        } else {
            return new JsonResponse('Access Denied', 403);
        }

EDIT

It seems that JWTAuth::getToken() fails to get the token in case of a GET request... Any help would be greatly appreciated

Guardian
OP
Best Answer

Hmz, I seem to have found the solution...

Silly that I overlooked it: https://github.com/tymondesigns/jwt-auth/wiki/Authentication

Note to Apache users

Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config

        RewriteEngine On
        RewriteCond %{HTTP:Authorization} ^(.*)
        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Alternatively you can include the token via a query string

http://api.mysite.com/me?token={yourtokenhere}

I started using ?token={my_token} and now all works fine.
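
Added example (not part of the original post or of jwt-auth): a small check of which server variable the bearer token arrives in once the Apache rewrite rule quoted above is in place. The helper name `bearerTokenFromServer` and the sample arrays are hypothetical and constructed; the `REDIRECT_` key is the name Apache gives the same environment variable after an internal redirect.

```php
<?php
// Added example: hypothetical helper, not code from Laravel or tymon/jwt-auth.

/**
 * Return the bearer token found in a $_SERVER-style array, or null if
 * no bearer token reached PHP.
 *
 * @param array $server
 * @return string|null
 */
function bearerTokenFromServer(array $server)
{
    // HTTP_AUTHORIZATION: present when Apache passes the header through, or
    // when the RewriteRule sets it as an environment variable.
    // REDIRECT_HTTP_AUTHORIZATION: the same variable after an internal
    // redirect, where Apache prefixes environment variables with REDIRECT_.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (empty($server[$key])) {
            continue;
        }
        // Accept only the "Bearer <token>" form; Basic credentials are not a JWT.
        if (preg_match('/^Bearer\s+(\S+)$/i', trim($server[$key]), $m)) {
            return $m[1];
        }
    }
    return null;
}

// Constructed sample inputs; the token values are placeholders.
$cases = [
    'header passed through'       => ['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'set by rewrite, redirected'  => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'header discarded by Apache'  => ['REQUEST_METHOD' => 'GET'],
    'basic credentials, no JWT'   => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
];

foreach ($cases as $label => $server) {
    $token = bearerTokenFromServer($server);
    printf("%-28s => %s\n", $label, $token === null ? '(no bearer token)' : $token);
}
```

Calling the helper with the real `$_SERVER` inside a throwaway route shows whether the header is reaching PHP at all, which is the condition `JWTAuth::getToken()` depends on.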
