Dec 27, 2017

Level 26

Error Log Problems When Using Laravel Passport for User Login Authentication

I use the Laravel Passport user login authentication if access_token expired will return "message": "Unauthenticated." This time will be written to the error log, how to get rid of this error log?

[2017-12-27 10:58:54] local.ERROR: The resource owner or authorization server denied the request. {"exception":"[object] (League\OAuth2\Server\Exception\OAuthServerException(code: 9): The resource owner or authorization server denied the request. at /Users/system/Workspace/stock-spa/vendor/league/oauth2-server/src/Exception/OAuthServerException.php:168)
[stacktrace]
#0 /Users/system/Workspace/stock-spa/vendor/league/oauth2-server/src/AuthorizationValidators/BearerTokenValidator.php(82): League\OAuth2\Server\Exception\OAuthServerException::accessDenied('Access token ha...')
#1 /Users/system/Workspace/stock-spa/vendor/league/oauth2-server/src/ResourceServer.php(82): League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator->validateAuthorization(Object(Zend\Diactoros\ServerRequest))
#2 /Users/system/Workspace/stock-spa/vendor/laravel/passport/src/Guards/TokenGuard.php(110): League\OAuth2\Server\ResourceServer->validateAuthenticatedRequest(Object(Zend\Diactoros\ServerRequest))
#3 /Users/system/Workspace/stock-spa/vendor/laravel/passport/src/Guards/TokenGuard.php(90): Laravel\Passport\Guards\TokenGuard->authenticateViaBearerToken(Object(Illuminate\Http\Request))
#4 /Users/system/Workspace/stock-spa/vendor/laravel/passport/src/PassportServiceProvider.php(267): Laravel\Passport\Guards\TokenGuard->user(Object(Illuminate\Http\Request))
#5 [internal function]: Laravel\Passport\PassportServiceProvider->Laravel\Passport\{closure}(Object(Illuminate\Http\Request), NULL)
#6 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php(58): call_user_func(Object(Closure), Object(Illuminate\Http\Request), NULL)
#7 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Auth/GuardHelpers.php(50): Illuminate\Auth\RequestGuard->user()
#8 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(61): Illuminate\Auth\RequestGuard->check()
#9 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(41): Illuminate\Auth\Middleware\Authenticate->authenticate(Array)
#10 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Auth\Middleware\Authenticate->handle(Object(Illuminate\Http\Request), Object(Closure), 'api')
#11 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#12 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(57): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#13 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Routing\Middleware\ThrottleRequests->handle(Object(Illuminate\Http\Request), Object(Closure), 500, '1')
#14 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#15 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#16 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Router.php(660): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#17 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Router.php(635): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))
#18 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Router.php(601): Illuminate\Routing\Router->runRoute(Object(Illuminate\Http\Request), Object(Illuminate\Routing\Route))
#19 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Router.php(590): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))
#20 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))
#21 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request))
#22 /Users/system/Workspace/stock-spa/vendor/fideloper/proxy/src/TrustProxies.php(56): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#23 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Fideloper\Proxy\TrustProxies->handle(Object(Illuminate\Http\Request), Object(Closure))
#24 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#25 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#26 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))
#27 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#28 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#29 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))
#30 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#31 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#32 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(Illuminate\Http\Request), Object(Closure))
#33 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#34 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#35 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
#36 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#37 /Users/system/Workspace/stock-spa/vendor/barryvdh/laravel-cors/src/HandlePreflight.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#38 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Barryvdh\Cors\HandlePreflight->handle(Object(Illuminate\Http\Request), Object(Closure))
#39 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#40 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#41 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#42 /Users/system/Workspace/stock-spa/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
#43 /Users/system/Workspace/stock-spa/public/index.php(55): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
#44 /Users/system/.composer/vendor/laravel/valet/server.php(133): require('/Users/system...')
#45 {main}
"}
"laravel.log" 49L, 9409C

Dullme

8 years ago

Level 26

who know？

Dullme

8 years ago

Level 26

no one？

Dullme

8 years ago

Level 26

? ? ? ?

patrickcarlohickman

8 years ago

Best Answer

Level 2

Well, you could add \League\OAuth2\Server\Exception\OAuthServerException::class to your $dontReport array in app/Exceptions/Handler.php. This will, however, prevent logging of all OAuthServerException exceptions, even those not related to your expired access token.

If you're okay with that, you're done. If you'd like to be more specific, then you would need to update your report() method (same file) instead of modifying the $dontReport array.

public function report(Exception $exception)
{
    // Kill reporting if this is an "access denied" (code 9) OAuthServerException.
    if ($exception instanceof \League\OAuth2\Server\Exception\OAuthServerException && $exception->getCode() == 9) {
        return;
    }

    parent::report($exception);
}

You can check out the OAuthServerException class to get a better understanding of all the errors that would cause the OAuthServerException exception to be thrown.

21 likes

sanjay23

7 years ago

Level 1

I am facing the same issue, But in my case, I am using API's and not sure which API cause this issue. Is there any way to get API's link which causes this error.

nodenacci

6 years ago

Level 3

Faced the same issue while moving my app to production. Initially i on the same server i had run it using the php built in server php artisan serve but when i created a virtual host the problem came up. My solution worked when i run composer dump-autoload and also cleared my cache php artisan cache:clear php artisan view:clear php artisan view:cache

lorimay21

4 years ago

Level 1

I'm currently facing this error. The app works fine on local and staging, however, this error occurs in production. It tried composer dump-autoload and php artisan cache commands but no luck. I haven't tried the best answer yet since it requires some code modification. Would there be other solutions aside from that? Thanks a lot!

dkroft

4 years ago

Level 5

'php artisan passport:purge' will purge outdated / unused tokens. your app will return to normal behavior.

dontoz

3 years ago

Level 1

For laravel 8+

public function report(Throwable $e)
    {
        if ($e instanceof \League\OAuth2\Server\Exception\OAuthServerException && $e->getCode() === 9) {
            return;
        }
        parent::report($e);
    }

thanks to @patrickcarlohickman

2 likes

shpirtziu

1 year ago

Level 1

For everyone that is in laravel 11 this will work.

$exceptions->report(function (\League\OAuth2\Server\Exception\OAuthServerException $e) use($exceptions) {
            if($e->getCode() === 9){
                return false;
            }
            return $e;
        });
```php

milenial

1 year ago

Level 1

Laravel 11

file: bootstrap/app.php
exceptions section

return Application::configure(basePath: dirname(DIR))

->withExceptions(function (Exceptions $exceptions) {
    
    // Loga os erros do Passport no Middleware api:auth
    $exceptions->report(function (\League\OAuth2\Server\Exception\OAuthServerException $e) {
        // Ignora erro de token expirado/revogado (código 9)
        if ($e->getCode() === 9) {
            \Log::info('[Passport] Token inválido ou expirado.', [
                'message' => $e->getMessage(),
                'path' => request()->path(),
                'ip' => request()->ip(),
            ]);

            return false;
        }

        return $e;
    });
})->create();

Please or to participate in this conversation.