Level 88
Did you create a personal access client? You can read more about it in the docs.
Documentation: https://laravel.com/docs/7.x/passport#creating-a-personal-access-client
Apr 3, 2020
10
Level 1
Laravel API authentication return {"message": "Unauthenticated."} but not user data.
I am new to Laravel and I am doing a react-native program with Laravel backend. In this case, the data table that I used is the Member table but not the user table. I can successfully log into the react-native by member email & password, but fail to get the data from user Laravel. It returns
{"message": "Unauthenticated."}
APIAuthController
public function login(Request $request)
{
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'password' => 'required',
]);
if ($validator->fails()) {
return response()->json(['error'=>$validator->errors()], 401);
}
$credentials = $request->only('email', 'password');
if(Auth::guard('member-api')->attempt($credentials))
{
$user = Auth::guard('member-api')->user();
$success['token'] = $user->createToken('asApp')->accessToken;
return response()->json(['success' => $success], 200);
}else {
return response()->json(['error'=>'Email or password incorrect'], 401);
}
}
public function user()
{
return response()->json(['user' => Auth::guard('member-api')->user()], 200);
}
The login function is work and return the accesstoken
api.php
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
Route::post('login','APIAuthController@login');
Route::post('register','APIAuthController@register');
Route::group(['middleware' => 'auth:member-api'], function(){
Route::post('user', 'APIAuthController@details');
});
auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
'member-api' => [
'driver' => 'session',
'provider' => 'members',
],
],
Here is React Native function is u need.
fetchUserInformation = async () => {
const token = await AsyncStorage.getItem('id_token')
console.log(token)
const response = await fetch('http://192.168.0.025:8888/api/user', {
method: 'GET',
headers:{
'Accept': 'application/json',
'Content-Type': 'application/json',
'Authorization': 'Bearer '. token
}
});
const user = await response.json();
console.log(user)
}
I have tried many way but still can't solve. Anyone facing this problem before? Its about return of user. I can provide anything else that you think is affected.
Level 1
I just realised i set my guards of member-api driver as session. If I change it to passport, the login cannot even work because (Method attempt does not exist.). Any way to solve the attempt function
Level 1
The personal access client is a must, right? I think I forgot about it.
Level 88
Yeah, the client is a must. That's how Passport is setup ;)
Level 1
I got another problem is I just realized my guard is set to session. After I change it back to passport.
$credentials = $request->only('email', 'password');
if(Auth::guard('member-api')->attempt($credentials))
{
$user = Auth::guard('member-api')->user();
$success['token'] = $user->createToken('asApp')->accessToken;
return response()->json(['success' => $success], 200);
}
This function cannot work and return
BadMethodCallException: Method attempt does not exist. in file D:\fypLaravel\vendor\laravel\framework\src\Illuminate\Support\Traits\Macroable.php on line 96
Level 88
Correct, the member-api guard doesn't have a token, so this won't work... You need to use passport here.
Level 1
I don't really understand what you explaining, can u provide some examples or teach me how to solve the problem?
Level 1
what I mean is why the checking function if(Auth::guard('member-api')->attempt($credentials)) cannot work after I set the member-api driver to passport.
Level 3
I had the same problem because the column provider of the oauth_client table was filled. Replacing everything by null fixed the issue.
Level 80
@devondahon You shouldn’t be manually updating clients. Create the appropriate client you need using the passport:client Artisan command. You could be introducing security vulnerabilities to your application by just setting the provider to null.
Please or to participate in this conversation.