
mg983's avatar

Laravel Passport Personal Access Token not working

Using Laravel 5.7 I installed passport according to the documentation and generated a personal access token, using

php artisan passport:client --personal

My controllers are as follows:


Route::resource('form.entries', 'API\FormEntryController')->only(['store', 'index', 'destroy'])->middleware('auth:api');
Route::resource('forms', 'API\FormController')->only(['index', 'store'])->middleware('auth:api');
Route::resource('form', 'API\FormController')->only(['show', 'destroy'])->middleware('auth:api');

my guards are set up as follows:

  'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

I added use Notifiable, HasApiTokens; (and the heading definition) to my App.php model

I added Passport::routes(); to the end of my \App\Providers\AuthServiceProvider::boot() method

I also added


# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

to my htaccess file

...

To generate the token I ran

me (master) formService $ php artisan passport:client --personal

 What should we name the personal access client? [Bar Foo Access Client]:
 > Foobar

Personal access client created successfully.
Client ID: 4
Client Secret: KKI1EoIXgrv2P9ydZTGa5VyimFJWbVPoRGmMCH0M

Then I make a request using Postman (I also exported the code for cURL in Postman)

And get back:

{"message":"Unauthenticated."}

Here's my postman request translated using cURL

curl -X GET \
  http://formservice.tst/api/forms \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer KKI1EoIXgrv2P9ydZTGa5VyimFJWbVPoRGmMCH0M' \
  -H 'Cache-Control: no-cache' \
  -H 'Postman-Token: 45295b86-7c66-d4a7-6bb6-3de142f042ac'

Anyone have any idea what I am doing wrong??

D9705996's avatar

The apache configuration I use that works in my virtualhost is

RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Just remember to restart apache to apply the changes

mg983's avatar

@D9705996 this does not work. I mentioned a similar rewrite rule in my OP; I tried yours too (and restarted Apache), same issue.

D9705996's avatar

@mg983 - I'm not an expert with mod_rewrite and noticed that your rewriteCond was missing the trailing + but not sure if it's important. The rest of what you are doing looks correct and I remember the apache config being the only problem area.

I don't have access at the moment to my config to dump you the whole vhost (I can do this in the morning), but looking at my original reply, it may not be correct. I looked at a couple of other solutions and this one seems awfully familiar.

RewriteEngine On 
RewriteCond %{HTTP:Authorization} ^(.*) 
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

If you want to give it a try and if it doesn't work I'll get back to you with my full vhost in about 12 hours

D9705996's avatar

@mg983 - See below for my VirtualHost configuration that works with Passport (I have removed some of the unrelated config for websockets and SSL for brevity).

<VirtualHost *:80>
  DocumentRoot "/var/www/html/public"

  <Directory "/var/www/html/public">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    RewriteBase /
    RewriteRule ^index\.html$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.html [L]

  </Directory>
</VirtualHost>

If this still does not work for you, then it looks like the issue isn't with Apache but something in the code that we would need to diagnose.

okaufmann's avatar

You've just created a Client which can create Personal Access Tokens. You now have to create a Token for a certain User. You can't authorize with the Client's secret directly.

Consult the Docs (https://laravel.com/docs/5.7/passport#personal-access-tokens).

Here is how passport itself creates Personal Access Tokens:

D9705996's avatar

@okaufmann - Good spot - I had wrongly assumed password_grant type and the token was the returned access_token

@mg983 - okaufmann's response should help out but there is no harm in using a known good mod_rewrite configuration :D
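
Added example, not part of any post in this thread and not Passport's own code: the client secret from `passport:client --personal` is not an access token; per the linked docs, a user's token comes from `$user->createToken('Token Name')->accessToken`. This stand-alone PHP diagnostic tells the two apart by shape, assuming Passport access tokens are JWTs carrying `aud`, `jti`, `sub` and `exp` claims; the function names and sample values are constructed for illustration.

```php
<?php
// Added diagnostic, not Passport code. Assumption: Passport access tokens are
// JWTs (header.claims.signature). Nothing is verified here, so this output is
// for troubleshooting only, never for an authorization decision.

function decode_segment(string $segment): ?array
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    $json = $raw === false ? null : json_decode($raw, true);
    return is_array($json) ? $json : null;
}

function classify_bearer(string $value, ?int $now = null): string
{
    $now = $now ?? time();
    $parts = explode('.', $value);
    if (count($parts) !== 3) {
        return 'opaque string, not an access token (a client secret looks like this)';
    }
    $header = decode_segment($parts[0]);
    $claims = decode_segment($parts[1]);
    if ($header === null || $claims === null) {
        return 'three segments, but header or claims are not base64url JSON';
    }
    foreach (['aud', 'jti', 'exp'] as $claim) {
        if (!isset($claims[$claim])) {
            return "JWT without '$claim' claim, not a Passport-style token";
        }
    }
    if (($claims['sub'] ?? '') === '') {
        return 'JWT with no user in sub, so there is no user to authenticate';
    }
    if ((int) $claims['exp'] <= $now) {
        return 'JWT for user ' . $claims['sub'] . ', expired';
    }
    return 'JWT for user ' . $claims['sub'] . ' via client ' . implode(',', (array) $claims['aud']);
}

// Constructed samples: a 40-character stand-in for a client secret and a
// JWT-shaped token whose signature segment is filler (it would not verify).
$enc = function (array $d): string {
    return rtrim(strtr(base64_encode(json_encode($d)), '+/', '-_'), '=');
};
$secret = str_repeat('x', 40);
$jwt = $enc(['typ' => 'JWT', 'alg' => 'RS256']) . '.'
     . $enc(['aud' => '4', 'jti' => 'constructed', 'sub' => '1', 'exp' => time() + 3600])
     . '.' . $enc(['filler' => true]);
echo classify_bearer($secret), PHP_EOL, classify_bearer($jwt), PHP_EOL;
```

A value classified as a well-formed JWT can still be rejected by the server, which additionally checks the signature and whether the token has been revoked.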
