auth:api middleware routes being redirected to login route (passport)

Posted 2 months ago by mrkowala

So I've seen a lot of people posting about this, but most of the time it appears to be issues with the headers (which I'm not dismissing in this case), but here's the situation:

APIPostsController.php

<?php

namespace App\Http\Controllers\API;

use Illuminate\Http\Request;

use App\Post;
use App\Http\Controllers\Controller;

class APIPostsController extends Controller
{

    
    public function apiPosts()
    {
    //Just for testing purposes

        return response()->json([
            'name' => 'Abigail',
            'state' => 'CA'
        ]);
    }
}

api.php

<?php

use Illuminate\Http\Request;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/


Route::get('/v1/posts/','API\[email protected]');

I am currently able to go to oauth/token to request an access_token. Now, you'll notice in both of those files that there is no mention of the auth:api middleware - that's because as soon as I do that, the requests I send become 401: Unathenticated. The header I have is :

Authorization: Bearer token_goes_here Accept: application/json

I'm able to get a response with and without the token (obviously, since the middleware isn't be used). But this breaks as soon as I pass the route through the api:auth middleware by giving me that 401 error. Any thoughts?

auth.php

/*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session", "token"
    |
    */

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.