
makapaka's avatar

Laravel Passport auth issues in Postman testing

I am having difficulty understanding the workings of Laravel Passport.

I have set it up as per docs, and I have a route like this in api.php

  Route::get('/sales', 'SalesController@index')->middleware('auth:api');

Using all the instructions in the docs I have all the auth middleware etc. set up, and when I log in to the site in the browser, it all works great.

However, what's confusing is that via Postman, in order to test the API, I am getting the unauthenticated error. As per docs Laravel does some magic and makes it work, however in Postman, I am sending the Bearer token after getting it via the route POST:/oauth/token, passing that to my above route, and still getting the unauthenticated error.

So what should the guard on the API route be? As above, using auth:api, it seems to work well to make sure user is logged in, however how can I test it in Postman?

0 likes
9 replies
ejdelmonico's avatar

How are you doing the bearer token? I would do something like:

Accept          application/json
Authorization   Bearer klhkljnrvevaevjievjqpjvqvjpjvqp48975834753nkc;aswhateverelse

send those as headers with the request in Postman.

makapaka's avatar

Yes, I'm doing exactly that, that's why I'm pulling my hair out.

RamjithAp's avatar

Do check these things:

1. Check your URL: it's not yourdomain.com/sales, your API routes will have the yourdomain.com/api/sales default prefix.

2. config/auth.php api driver set to passport.

3. Which grant type are you using?

4. Check whether your SalesController might have any other filter inside the controller construct function.

5. Make sure your token has not expired; add this in your app/providers/authserviceprovider.php

<?php

namespace App\Providers;
use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Carbon\Carbon;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
        Passport::routes();
        Passport::tokensExpireIn(Carbon::now()->addDays(30));
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
        
        //
    }
}

1 like
Garan's avatar

Hi, have you set your api guard driver to 'passport'?

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

makapaka's avatar

Thank you all - I feel like I've checked and rechecked all your points and it's still not working.

But a really silly question - after I request /oauth/token, the token coming back does not appear in the DB at all? Shouldn't it be in the oauth_access_tokens as clear text?

I do have one token in there, however the id is a different string to the one that I got from /oauth/token route - is that because it's encrypted differently?

Other than that, I don't see any other tokens that look like the one I got back in any of the oauth tables??

makapaka's avatar

So am I doing this right:

  1. created oauth_client "password_client" = 1, in the oauth_clients table
  2. request /oauth/token, using client id, secret created in (1), with "client_credentials"
  3. paste the returned "access_token", into "Authorization" as "Bearer ......" in my /api/sales route

?

makapaka's avatar

OK, I'm definitely confused - I just changed the api route to:

  Route::get('/sales', 'SalesController@index')->middleware('client');

Before it was

  Route::get('/sales', 'SalesController@index')->middleware('auth:api');

Everything seems to work!

I'm still awfully confused though because the docs clearly state

"Passport includes an authentication guard that will validate access tokens on incoming requests. Once you have configured the api guard to use the passport driver, you only need to specify the auth:api middleware on any routes that require a valid access token"

So I really don't know what it should be - it seems to be working now but is it safe? I logged out of the front end and tried accessing the routes and it seemed to be protected but what is correct here?

makapaka's avatar

In fact - no, it doesn't work - now the front end doesn't work, giving 401 unauthorized!! (even though the page loads)

So either I get the front end to work with 'auth:api' middleware, or testing in Postman to work with 'client' middleware - but not both!!

:D

squibler's avatar

I know it sounds crazy and probably a lot obvious, and it's a late reply. But when using Postman be sure the token you're using is the same as the one provided.

In Postman use the "Raw" response data not the one from "Pretty" to set your token. When I used "Pretty" it did not work and I was tearing my hair out. Using the "Raw" output it all worked seamlessly.
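
An added example, not part of the thread or of Passport's own code: Passport access tokens are JWTs, so decoding the payload shows the `jti` claim (the value stored as `id` in oauth_access_tokens, which is why the long bearer string itself never appears in the table) and the `sub` claim (the user id, which is empty for a client_credentials token, so `auth:api` has no user to resolve while the `client` middleware still accepts the token). The function names, the sample claims and the fixed clock value are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): read a Passport access token's claims.
// The signature is NOT verified here; use this for diagnosis only.

function b64url_decode(string $s): string
{
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

function diagnose_token(string $pasted, int $now): array
{
    // Tolerate copy-paste damage: surrounding quotes/whitespace and a "Bearer " prefix.
    $token = preg_replace('/^Bearer\s+/i', '', trim($pasted, " \t\r\n\"'"));
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected 3 dot-separated segments, got ' . count($parts));
    }
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return [
        'token_id'  => $claims['jti'] ?? null,                  // compare with oauth_access_tokens.id
        'client_id' => $claims['aud'] ?? null,                  // compare with oauth_clients.id
        'has_user'  => (string) ($claims['sub'] ?? '') !== '',  // false for client_credentials tokens
        'expired'   => isset($claims['exp']) && $claims['exp'] <= $now,
        'scopes'    => $claims['scopes'] ?? [],
    ];
}

// Constructed sample tokens (made-up claims, placeholder signature), built inline.
function sample_token(array $claims): string
{
    $enc = fn (string $j): string => rtrim(strtr(base64_encode($j), '+/', '-_'), '=');
    return $enc('{"typ":"JWT","alg":"RS256"}') . '.' . $enc(json_encode($claims)) . '.c2lnbmF0dXJl';
}

$now = 1700000000; // fixed clock so the run is reproducible
$clientOnly = sample_token(['aud' => '1', 'jti' => 'example-token-id-a', 'exp' => $now + 3600, 'sub' => '', 'scopes' => []]);
$withUser   = sample_token(['aud' => '2', 'jti' => 'example-token-id-b', 'exp' => $now + 3600, 'sub' => '42', 'scopes' => []]);

var_dump(diagnose_token("\"Bearer $clientOnly\"\n", $now)); // client_credentials-style token
var_dump(diagnose_token($withUser, $now));                  // password-grant-style token
```

A token that fails the three-segment check has usually been truncated or wrapped when it was copied out of the response.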
