Laravel /passport and postman gets all the time ⌚ unauthorised

But, are you trying to authenticate Postman as a Client or with the Personal Token method?

As I posted here: https://laracasts.com/discuss/channels/laravel/laravel-passport-personal-token-failing-validation-exp0

I'm trying with Personal Token, just like Taylor does in his video. About to lose my mind now! :(

@gbdematos I am trying bouth But no success :(

A user provided a way to bypass this problem:

https://github.com/laravel/passport/issues/47

It worked for you? Because for me is still not working.

@ovidiu_dtp Last 4days, I was trying to figure out problem. But at last, I figure it out, I had problem with files, all.js and bootstrap.js inside resources/assets/js

I had mixed up order of script loading! Your package.json should look, like this!

{
  "private": true,
  "scripts": {
    "prod": "gulp --production",
    "dev": "gulp watch"
  },
  "devDependencies": {
    "bootstrap-sass": "^3.3.7",
    "gulp": "^3.9.1",
    "jquery": "^3.1.0",
    "laravel-elixir": "^6.0.0-9",
    "laravel-elixir-vue": "^0.1.4",
    "laravel-elixir-webpack-official": "^1.0.2",
    "lodash": "^4.14.0",
    "vue": "^1.0.26",
    "vue-resource": "^0.9.3"
  }
}

app.js inside resources

/**
 * First we will load all of this project's JavaScript dependencies which
 * include Vue and Vue Resource. This gives a great starting point for
 * building robust, powerful web applications using Vue and Laravel.
 */

require('./bootstrap');


// import Turbolinks from 'turbolinks';
// Turbolinks.start();

/**
 * Next, we will create a fresh Vue application instance and attach it to
 * the body of the page. From here, you may begin adding components to
 * the application, or feel free to tweak this setup for your needs.
 */
Vue.component('example',
    require('./components/Example.vue')
);
Vue.component(
    'passport-clients',
    require('./components/passport/Clients.vue')
);

Vue.component(
    'passport-authorized-clients',
    require('./components/passport/AuthorizedClients.vue')
);

Vue.component(
    'passport-personal-access-tokens',
    require('./components/passport/PersonalAccessTokens.vue')
);

const app = new Vue({
    el: 'body'
});

bootstrap.js inside resources

window._ = require('lodash');

/**
 * We'll load jQuery and the Bootstrap jQuery plugin which provides support
 * for JavaScript based Bootstrap features such as modals and tabs. This
 * code may be modified to fit the specific needs of your application.
 */

window.$ = window.jQuery = require('jquery');
require('bootstrap-sass');

/**
 * Vue is a modern JavaScript library for building interactive web interfaces
 * using reactive data binding and reusable components. Vue's API is clean
 * and simple, leaving you to focus on building your next great project.
 */

window.Vue = require('vue');
require('vue-resource');

/**
 * We'll register a HTTP interceptor to attach the "CSRF" header to each of
 * the outgoing requests issued by this application. The CSRF middleware
 * included with Laravel will automatically verify the header's value.
 */

Vue.http.interceptors.push((request, next) => {
    request.headers['X-CSRF-TOKEN'] = Laravel.csrfToken;

    next();
});

/**
 * Echo exposes an expressive API for subscribing to channels and listening
 * for events that are broadcast by Laravel. Echo and event broadcasting
 * allows your team to easily build robust real-time web applications.
 */

// import Echo from "laravel-echo"

// window.Echo = new Echo({
//     broadcaster: 'pusher',
//     key: 'your-pusher-key'
// });

Then run npm install in your console then run gulp

And your all.js file should be good,

Then yor js side, should be good! Before, then ofcours, you should do all this

and all of this

And all should be good!

But before, just create new Laravel 5.3 installation, and try all there if it works in default installation, if all good, bring it to your existing app.

Hello, My JS files already look like that, and I followed the docs for installing Laravel 5.3 and Passport. I made the changes suggested in that github post, but still, is not working when I try to call the API from Postman using the personal token. I can't find the reason why that is. I will need to inspect the code in the package and try to figure it out, because it looks like there are no answers anywhere at this point.

Looks like there was something I was missing. In order for this to work, you do need at least one scope. If you do not add in the service provider a Passport::can, it would not work. That was my mistake. Now it works!

@ovidiu_dtp If you edited P100Y to P1Y in all that 3 places then, you need to regenerate tokens!

when you regenerate tokens, go to postmen and try first use AUthorization type OAuth2.0

Fill in the form And get your key!

When you do it click on it and check expires_in if it has - in front thats mean, that this key is already expired, because of Y2038 PROBLEM

**P100Y to P1Y ** and need to recheck these places in your app!

Use this Token in Header and check connection! If with, OAuth2.0 all works, and you get user info back, proceed to Step 2

Personal Access Token

Generate new one, copy it.

And in headers do not forget to add

Authorization = Your key

Accept = application/json

The problem is that, you need to add in front of key word **Bearer **

Bearer key

After Bearer should be space.

And it should work!

@roulendz I did all that. I figured that I could get away with not needing a scope for now, so I did not use one. And I expected it to give access to everything. Because in my case, if the user is authenticated, it will have access to all the information. At this point, I have no use for scopes. Maybe in future, I will. However, if you do not have at least a scope that grants access to everything, doing the changes you mentioned, is not enough. It will not work. The default is to not give you access if no scopes are defined. In a way, it makes sense to be that way. Thanks for the advice.

The only token I can get working is a Personal Access. Neither password grant, or just requesting one works and I get the same Client authentication failed / Unauthorized Message.

    public function boot()
    {
        $this->registerPolicies();

        Passport::routes();

        Passport::pruneRevokedTokens();
        Passport::tokensExpireIn(Carbon::now()->addDays(15));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));

        Passport::tokensCan([
            'provision' => 'Provision Test',
        ]);
    }
}

Should be fine right? You're saying a scope is required?

@ovidiu_dtp Hi, I have registered a scope... and i still get unauthenticated :( any more ideas ?

Do you put "Bearer " before the token in postman? Notice the space! It may be that. If it still fails, I suggest you should go in your api routes and disable the middleware by commenting it out, and change the callback to return the request, instead of the user. See if is something strange with that. Then put the middleware back and

dd('something');

on the path of execution and see where you stop getting the something, then try to figure out why. See if it uses the right guard. Make sure there is no typo in any config array. I can't think of anything better right now. If all fails, try to start a new project and follow the tutorial presented by Taylor. But make sure you do it exactly as he does and you put all things where they should be. It may be that you just missed a small detail somewhere.

Someone on the Larachat put me onto this, but I think that a lot of this is likely related to the environment you're working it.

If you using Laragon or any other Apache based environment it may not be passing the auth headers to the server.

If I have this on my staging server that's using NGINX Passport works flawlessly but if I am using it on my Laragon dev it fails.

Something to keep in mind...

I can't get the passport grant working with PAW. Still get Unautherized

What I checked:

- Went over the docs multiple times

- Tried the expire date fix

- Tried with Scope

- Tried on Valet, Homestead and Forge/Digital Ocean

- Added 'Bearer ' before the token

I looks like the Authorization header is being stripped, if dd($request), it still has the Accept header but not the Authorization header.

Anyone has more success?

Thanks in advance!

I don't know why but when I looked at the dd($request), the Authorization header was written "authorization--". It seems PAW adds invisible -- if it tries to do autocomplete.

Me too! all the online solutions I read is telling me to switch to Nginx but I want to fix this Authorization header issue in Passport with Apache!

@polarcubs

Do you put Bearer- before your auth token?

Bearer- and here goes key

I was pulling my hair out with Paw. I was getting unauthorised no matter what I tried. Turned out Paw was adding some extra spaces after the "Authorization" header name. I think it does this when it autocompletes header names. So double check that hasn't happened to you as well.

@ROULENDZ @polarcubs add this to your htacess

RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

solves my problem when using POSTMAN seems like Authorization Header is block by a module in apache.

Thanks @llamorin.jason the new .htaccess rule sorted me out.

Weirdly I had previously implemented exactly the same approach on another site on my development environment, all the apache settings are the same, and it worked on the first site without any .htaccess modification, but not on the second.