FlyingWalrus

oAuth with Passport keeps sending me to login form

I set up Laravel (5.4) with Passport (4.0) as described in the documentation. Now when trying an oAuth authentication for the API, I am always getting redirected to the login form.

I was not sure if the necessary header has to be Authorization or Authorization-Content (like I read in other forum posts/examples), so I tried each and even both, but without success.

I hope someone is able to point me the right way.

Here are the files used:

my Laravel routes (routes/api.php)

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

a client script to test the api

#!/usr/bin/env php
<?php

require 'vendor/autoload.php';

function strLimit($s, $length)
{
    if(strlen($s)>$length)
    {
        $s = substr($s, 0, $length) . '[...]';
    }
    return $s;
}

$client = new GuzzleHttp\Client;

$formParams = [
    'grant_type' => 'client_credentials',
    'client_id' => 1,
    'client_secret' => 'wYzzV5S3sOSaoltd2Bd5yQQHnZs8MvRbnyfCuYN0',
    'redirect_uri' => 'http://search.local/auth/callback'
];

try
{
    $response = $client->post('http://search.local/oauth/token', [
        'form_params' => $formParams
    ]);

    $auth = json_decode( (string) $response->getBody() );
    echo "received auth data\n--------------------------\n";
    var_dump($auth);

    $response = $client->get('http://search.local/api/user', [
        'headers' => [
            'Authorization-Content' => $auth->token_type . $auth->access_token,
            'Authorization' => $auth->token_type . $auth->access_token,
            'Content-Type' => 'application/json',
            'Accept-Encoding' => 'application/json'
        ]
    ]);

    echo "received user data\n--------------------------\n";
    echo $response->getStatusCode() . "\n";

    echo "\n";
    $headers = $response->getHeaders();
    foreach ($headers as $key => $value) {
        foreach ($value as $line) {
            echo $key . ' : ' . $line . "\n";
        }
    }
    echo "\n";
    echo strLimit($response->getBody(), 200) . "\n";

    $user = json_decode( (string) $response->getBody() );


} catch (GuzzleHttp\Exception\BadResponseException $e)
{
    if ($e->hasResponse()) {
        echo $e->getResponse()->getStatusCode() . "\n";

        echo "\n";
        $headers = $e->getResponse()->getHeaders();
        foreach ($headers as $key => $value) {
            foreach ($value as $line) {
                echo $key . ' : ' . $line . "\n";
            }
        }
        echo "\n";
        echo strLimit($e->getResponse()->getBody(),200) . "\n";
    }
}

This is the output (as you can see the token was issued properly, but somehow I get redirected to the login page)

received auth data
--------------------------
/srv/apiclient/client.php:32:
class stdClass#31 (3) {
  public $token_type =>
  string(6) "Bearer"
  public $expires_in =>
  int(1296000)
  public $access_token =>
  string(1070) "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjEwY2RhOGUwYzk4N2E1Y2RkNDg5NmFmNzBiODMyYWRmYjAwYTljNTAwYjYwNTQ2N2Q3YTcyMjZkNjdkMTRhYTkwMzAwZjcyMTE4ZjI0ZjE0In0.eyJhdWQiOiIxIiwianRpIjoiMTBjZGE4ZTBjOTg3YTVjZGQ0ODk2YWY3MGI4MzJhZGZiMDBhOWM1MDBiNjA1NDY3ZDdhNzIyNmQ2N2QxNGFhOTAzMDBmNzIxMThmMjRmMTQiLCJpYXQiOjE1MDQwODc2NzcsIm5iZiI6MTUwNDA4NzY3NywiZXhwIjoxNTA1MzgzNjc3LCJzdWIiOiIiLCJzY29wZXMiOltdfQ.eB3j5BGnFbP4Jj2w1ikDB1RmnkrzxD5lOnMHI2QbQWuxboaEKqE2LZRPPBUjJxjfJhOyzWs-upFVcSBgSIqX6Kc3S3RUdpLf9QiEpHWDA9FJP3GgEuVyGyR4IFZ_F"...
}
received user data
--------------------------
200

Date : Wed, 30 Aug 2017 10:07:57 GMT
Server : Apache/2.4.18 (Ubuntu)
Vary : Authorization,Accept-Encoding
Cache-Control : no-cache, private
Set-Cookie : XSRF-TOKEN=eyJpdiI6Ind0UzlNZkRmcURmdEF6RUE3ZXBtM2c9PSIsInZhbHVlIjoiQjkwSm1xYzhFajl2ajJBSWxraDkzRXBuK3VYeEp0dEJHNVFRd1o0UVhcL1VlV1wvR0NpMW8rMEdDS0hPN0NNdWZSR2tpdTJGWkVcL2JFckhZbyswVmZJQnc9PSIsIm1hYyI6ImExZjk4OTlkZTVjMjZkMjYxOTNkODk4Y2ViNWVmMjcxZTU4ZDE4MDliNzE4NDZmMjM1NTZiZDRkNjRiNTRhMDQifQ%3D%3D; expires=Wed, 30-Aug-2017 12:07:57 GMT; Max-Age=7200; path=/
Set-Cookie : laravel_session=eyJpdiI6InREajdtVWkrdU5CSmVJMTdlOFZYUWc9PSIsInZhbHVlIjoiY0xhRCtlTEVQOUNmOTVhNmhQK3I5aU9EUkpjd2hPeit3Ymo2cEJ6RU54Z1lhWWE1ZkNPT3ZDMURwZEpcL1JjVWw5RTM3WFwvMVVJa2R6TmRXRXVnQnppdz09IiwibWFjIjoiYWRmNjRmZjZkZWNlNTU0N2EwMjZkZDg4ZDljOWU3MjQ4YWJjMmFlZjgwNDA1YzIwZjQ3MzIyMDdkNzMzNDMwNyJ9; expires=Wed, 30-Aug-2017 12:07:57 GMT; Max-Age=7200; path=/; HttpOnly
Content-Length : 4452
Content-Type : text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <!-- CSRF Token -->
    <meta name="csrf-token" content="FIWBn7VkMCtJxSd7mmAvHQ0fo2nSLfpDvt8aL647">

    <title>Laravel</title>

    <!-- Styles -->
    <link href="http://search.local/css/app.css" rel="stylesheet">
</head>
<body>
    <div id="app">
        <nav class="navbar navbar-default navba[...]

0 likes
2 replies

bashy

*OAuth

oAuth looks so weird :D

ps1212
Best Answer
Level 1

Everything is okay, except for a headers issue when accessing the user account.

$response = $client->get('http://search.local/api/user', [
    'headers' => [
        'Authorization' => $auth->token_type . ' ' . $auth->access_token,
        'Content-Type' => 'application/json',
        'Accept' => 'application/json'
    ]
]);

Try this one.

2 likes
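
The two header problems the accepted answer corrects, as an added example that is not code from the thread: the Authorization value needs a space between the scheme and the token, and a 200 carrying an HTML page is the login form, not API data. The helper names `bearerHeader` and `classifyApiResponse` are hypothetical, the token is a constructed sample, and headers are assumed to be a name-to-string map.

```php
<?php
// Added example: helper names are hypothetical, sample token is constructed.

/**
 * Build an RFC 6750 Authorization value: "Bearer <token>".
 * Without the space, "Bearer" . $token is one opaque string that the
 * server cannot parse as a bearer credential.
 */
function bearerHeader(string $tokenType, string $accessToken): string
{
    if (strcasecmp($tokenType, 'Bearer') !== 0) {
        throw new InvalidArgumentException("unsupported token_type: $tokenType");
    }
    // b64token syntax from RFC 6750 section 2.1; \z also rejects a trailing
    // newline, so a token cannot smuggle CR/LF into the header.
    if (!preg_match('#^[A-Za-z0-9._~+/-]+=*\z#', $accessToken)) {
        throw new InvalidArgumentException('access_token is not a valid b64token');
    }
    return 'Bearer ' . $accessToken;
}

/**
 * Classify an API response. A 200 only counts as success when the body is
 * JSON; a redirect or an HTML page means the request was not authenticated.
 */
function classifyApiResponse(int $status, array $headers): string
{
    $h = array_change_key_case($headers, CASE_LOWER);
    $type = strtolower($h['content-type'] ?? '');
    if ($status === 401) return 'unauthenticated';
    if ($status >= 300 && $status < 400) return 'redirected (likely to login)';
    if ($status === 200 && strpos($type, 'application/json') === 0) return 'ok';
    if (strpos($type, 'text/html') === 0) return 'html page instead of JSON (likely login form)';
    return 'unexpected';
}

$token = 'abc.def.ghi'; // constructed sample, shaped like a JWT
echo 'broken: ' . 'Bearer' . $token . "\n";
echo 'fixed:  ' . bearerHeader('Bearer', $token) . "\n";
// Status and Content-Type as shown in the question's output.
echo classifyApiResponse(200, ['Content-Type' => 'text/html; charset=UTF-8']) . "\n";
echo classifyApiResponse(200, ['Content-Type' => 'application/json']) . "\n";
```

Guzzle follows redirects by default, which is why the question's client reports 200 with the login page; passing `'allow_redirects' => false` on the request surfaces the redirect itself.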
