Problem with API authentication on a production website

From your thread I guess you're using Passport. Are you sure you have everything configured correctly? Using the correct redirect url, using a new token etc?

What web server are you using? If it’s Apache have you configured mod_rewrite to pass the authorisation token in your virtual host?

It is stripped by default which can cause the error you are seeing

@bobbybouwmann yes I'm using Passport, I did check the files multiple times and I can't see anything I'm missing and I requested a new token aswell with no luck. @D9705996 Its Apache I think, do you know where and how I could do that I do have access to the cpanel

@MohamedElidrissi - In your virtualhost you need to add rewrite rules about HTTP AUTHORIZATION. Below is from my working config.

<VirtualHost *:80>
  DocumentRoot "/var/www/html/public"

  <Directory "/var/www/html/public">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    RewriteBase /
    RewriteRule ^index\.html$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.html [L]

  </Directory>
</VirtualHost>

Try this with passport and see if you are still having issues. Just remember to restart apache so the changes take effect

@D9705996 is it really necessary to restart the server since like I already mentioned this is a running production website. Will it work if I added

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

In .htaccess and then restart the server because I already tried without restarting but now I was getting this response

{
    "message":"Server Error."
}

You should be able to add to an htaccess I just prefer in the virtual host. Can you provide details of the error from either apache logs or storage/logs/laravel.log as somethings blowing up in the backend

2018-10-06 09:58:38] production.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'where clause' (SQL: select * from `users` where `api_token` = eyJ0eXAiOiJKV... limit 1) {"exception":"[object] (Illuminate\Database\QueryException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'where clause' (SQL: select * from `users` where `api_token` = eyJ0eXAiOiJKV1... limit 1) at /home/visionar/visionarywritings/vendor/laravel/framework/src/Illuminate/Database/Connection.php:664, PDOException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'where clause' at /home/visionar/visionarywritings/vendor/laravel/framework/src/Illuminate/Database/Connection.php:326)
[stacktrace]

This is the error on laravel.log when I add the lines to the .htaccess without restarting the server, if I remove them no error happens. I did trim the token as its too long

Have you run php artisan migrate on your live database? You look to be missing the required fields

https://laravel.com/docs/5.7/passport#installation

@D9705996 yeah I did, all the auth_... tables where created

The problem is you don't have an api_token column on your users table.

I've had a look through the documentation and passport github page and don't see anything. Is this something you have added?

@D9705996 no I had no idea that's even needed its not mentioned anywhere and even in my local database where everything is working fine I can't see an api_token in the users table

@D9705996 OMG I solved it all I ever needed was to run this

php artisan config:cache

I really hate myself sometimes. Thank you so much for all your time.