Laravel 5.3 Passport API unauthenticated in Postman using personal access tokens

Published 11 months ago by twiggy99

I have set up Laravel using Passport as per the documentation here: https://laravel.com/docs/5.3/passport

A few people have asked about this using the oAuth implementation but I'm trying to use the personal access tokens not oAuth. One suggestion was to remove the auth middleware but obviously this leaves the application wide open so anyone can make requests.

I have the following route (in routes/api.php):

Route::get('/test', function(){
    return 'returned string from test route';
})->middleware('auth:api');

This works if I remove the auth middleware, so the route is working correctly, but when enabling the auth middleware again I get the following error in Postman:

{"error":"Unauthenticated."}

These are the headers being sent via Postman:

GET /api/test HTTP/1.1
Host: localhost:8000
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImU4ZmY5MDMwY2EyM2E2MDYwODViN2Y3ZWNiMzcxNDY1MzQxNDViNTk4ODU4NmZhNDljYzU2YjMzYWZiNzhkYTk5OTIwZWMzYzEwNTBkNjZjIn0.eyJhdWQiOiIyIiwianRpIjoiZThmZjkwMzBjYTIzYTYwNjA4NWI3ZjdlY2IzNzE0NjUzNDE0NWI1OTg4NTg2ZmE0OWNjNTZiMzNhZmI3OGRhOTk5MjBlYzNjMTA1MGQ2NmMiLCJpYXQiOjE0NzU1MDMxNjUsIm5iZiI6MTQ3NTUwMzE2NSwiZXhwIjowLCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.IpzKK29dJCpliUXQvPRss87kGFngFcXXwV3jRwhbZOZLxl-4UV70cBsSigmqUuBsHQ4onVl_Cjcq6cEmMFvTZZr7D9AtY3EmScvMPjoFh4KQ3wgd5CoyWfcLQgoBxbElNxL0xW2fIQhpeQd_8Yz_Pr5BByGVTpxfg4JJZ4PzovvZsa2R3izYtqw6-qeurQOtsfOnot5uoLDeDDc76klifnfHfOcNZSoIFGNP3gIGKYBe6lfFuDViR_mQkwQS5_UmERt3GSkEvJjGMtwcRjWY7VPAJ4tvWLnyLw0roGU2e37L0wsqfJ8OrG0Cipv-anXAW_utSo-fiVMr8ZeAWIPguq73Zd44x95YY3nNPOKD5dVIRZM7rQgdhjIwTEz1ggtSXLp-Fu3QOtXaHUahCHvjOTdiTYEa-GR4TZ5wGzt-aRhjdBB7WTe0C6T9ZWVwQr0kJk8AxW6ne87wwJYp_shGunTclZ3SCq5VYg2K_MclbJl65-dT8x-nwqg0lqfNx9s1wmtryrMFIPoBEyaGNEK1aWGHKq418-BIQ1_UAhcHHtEXclWvsGWwhyo3aso-E-sCN2o_IkYvSboIsdFAIXvDvQmoAwis6f1J57zWH8AW1ynCFcBgzBDjIyiaCE5nqtb_4zbEXr8L1EbcllbtZkq3vd9w996kO7xlpBEWwPY8IWg
Accept: application/json
Cache-Control: no-cache
Postman-Token: 6bc483b2-23df-acce-7eef-5a443f8f5d45
Best Answer (As Selected By twiggy99)
doublep

I got the exact same problem a while ago. And this is what I've done to fix it, more details in this post: https://github.com/laravel/passport/issues/47

So this is normally to fix the oAuth Client tokens: The expiry date is set to now + 100 years in Passport.php, line 167.

return static::$tokensExpireAt
    ? Carbon::now()->diff(static::$tokensExpireAt)
    : new DateInterval('P100Y');

If you set it to, i.e., P1Y, it is working. Something like:

return static::$tokensExpireAt
    ? Carbon::now()->diff(static::$tokensExpireAt)
    : new DateInterval('P1Y');

The same holds true for the refresh token a few lines below:

return static::$refreshTokensExpireAt
    ? Carbon::now()->diff(static::$refreshTokensExpireAt)
    : new DateInterval('P1Y');

And this is for the Personal Tokens: And also in PassportServiceProvider.php line 84, concerning the Personal Tokens:

$server->enableGrantType(new PersonalAccessGrant, new DateInterval('P1Y'));

Hope it helps! :)

Chathula

I also have the same problem. I don't know why.

Chathula

@doublep, it gives another error: you can't delete the public client token from the UI generated by Vue and Passport.

doublep

Could you tell me more? Do you get any error? If you check at firebug (or any equivalent), what is the error that you get?

twiggy99

Nope, no errors are thrown or recorded in the error log, auth just fails. The problem is with DateInterval('P100Y') as pointed out. This must be a Windows issue, I don't get the error on Linux. Changing to DateInterval('P10Y') works fine.

@doublep can you please explain why P100Y fails and why your fix P1Y (I did P10Y) works?
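
Added example (not part of the thread and not Passport's own code): the payload segment of the Bearer token in the question decodes to "iat":1475503165 and "exp":0, so the token was already expired when it was issued. The PHP below decodes a token's claims for diagnosis only, without verifying the signature, and flags that condition; the function names are hypothetical, the sample token is constructed with those claim values, and the final check rests on the assumption that the affected Windows builds use 32-bit integers.

```php
<?php
// Added diagnostic example; function names are hypothetical, not Passport APIs.
// Decodes claims only. It does NOT verify the signature: never use for auth.
function jwtClaims($jwt)
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    // JWT segments are base64url without padding.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $claims = ($json === false) ? null : json_decode($json, true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

function expiryProblems(array $claims, $now)
{
    if (!isset($claims['exp']) || !is_numeric($claims['exp'])) {
        return array('exp claim missing or not numeric');
    }
    $problems = array();
    if (isset($claims['iat']) && $claims['exp'] <= $claims['iat']) {
        $problems[] = "exp {$claims['exp']} is not after iat {$claims['iat']}: bad expiry at issue time";
    }
    if ($claims['exp'] <= $now) {
        $problems[] = "exp {$claims['exp']} is in the past: the resource server rejects it";
    }
    return $problems;
}

// Constructed sample token carrying the iat/nbf/exp values described above.
$b64url = function ($s) { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); };
$sample = $b64url('{"typ":"JWT","alg":"RS256"}') . '.'
    . $b64url('{"iat":1475503165,"nbf":1475503165,"exp":0,"sub":"1","scopes":[]}')
    . '.constructed-signature';
$claims = jwtClaims($sample);
foreach (expiryProblems($claims, time()) as $problem) {
    echo $problem, PHP_EOL;
}

// Assumption: issue time plus the default P100Y lifetime must fit in PHP's int.
$wanted = new DateTime('@' . $claims['iat']);
$wanted->add(new DateInterval('P100Y'));
echo 'P100Y expiry: ', $wanted->format('Y-m-d'),
    ', largest int on this build: ', PHP_INT_MAX, PHP_EOL;
```

On a build that reports 2147483647 as its largest integer, a Unix timestamp for that expiry date cannot be represented, which is consistent with exp arriving as 0 and with the shorter P1Y and P10Y lifetimes working.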

afief

Same with me, I just edit PassportServiceProvider.php at row

$server->enableGrantType(
    new PersonalAccessGrant, new DateInterval('P100Y')
);

to

$server->enableGrantType(
    new PersonalAccessGrant, new DateInterval('P1Y')
);

and it works, thanks.

fero
10 months ago (22,310 XP)

Did you check app\Providers\RouteServiceProvider.php?

In the mapApiRoutes() you can set the middleware. Check to make sure it's auth:api. If it's not, change it. Also, remove the auth middleware from the route api.php file.

jasondavis

@fero I have been messing with this on and off for several months now as my protected API routes always return unauthenticated when sending the Bearer token in the request header.

I tried several things mentioned online from my research but nothing worked! That is until I saw your post and it finally works on my end thank you so much!

My issue was in the app\Providers\RouteServiceProvider.php file where it had api as the middleware in the mapApiRoutes() function. I changed it to auth:api in the function like you mentioned and it works great now! Thank you, and it's sad that I have not seen this mentioned anywhere after hundreds of articles, GitHub issues, Stack Overflow questions, etc. on this very issue. This is the first I have ever seen this mentioned and it was the problem all along.
