Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

fero's avatar
fero
OP
7 years ago
Level 12

Upgrade to Laravel 5.7 problem consuming own API with Passport

Hi,

I just upgraded Laravel from 5.6 to 5.7 in my application and the only issue I discovered so far is the fact that any ajax request to my backend results in 401 Unauthorized. Everything worked fine on laravel 5.6.

I

  • ran the migrations (didn't have any though)
php artisan migrate
  • ran passport:install
php artisan passport:install
  • driver option of the api authentication guard (in config/auth.php) is set to 'passport'
'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],
  • the RoutesServiceProvider implements 'api' and 'auth:api' middlewares for the ApiRoutes
Route::prefix('api/v1')
            ->middleware(['api', 'auth:api'])
            ->namespace($this->namespace)
            ->group(base_path('routes/api.php'));
  • added CreateFreshApiToken::class to web middleware groups in app/Http/Kernel.php
protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
        ],

        ...
    ];

Also, all Axios requests have the correct headers set in resources/assets/js/bootstrap.js:

window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
let token = document.head.querySelector('meta[name="csrf-token"]');

if (token) {
    window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
} else {
    console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
}

I actualy ran all my migrations:fresh with seeders, cleared the cache but the darn thing still won't authenticate. Web links still work, I can authenticate in the application, I can even use Postman to make requests with a Barer token in the header and everything work. The only exception is consuming my own API from the front end.

Is there something I'm missing ?

Thanks in advance

0 likes
5 replies
fero's avatar
fero
OP
7 years ago
Level 12

Thanks for that info. My middleware was actually missing protected $addHttpCookie = true; but after I updated my class it still wasn't working.

I didn't want to waste more time on this so I just created a new laravel project and good old copy pasted my work from the old project to the new one, also the .git directory. 0 issues so... I don't know.... I couldn't find the problem with simply upgrading following the guide

Abi's avatar

There was a change to the cookie in laravel 5.6.30, this might be the problem

https://laravel.com/docs/5.6/upgrade

You might have to protected static $serialize = true; to the EncryptCookies middleware

1 like
koraykupe's avatar

I have the same issue, and unfortunately, none of the solutions works for me. Still investigating.

himanshurajvanshi's avatar

In which directory is your HintsApiController? Because it looks like you need to change

'namespace' => 'API' to

'namespace' => 'App\Http\Controllers\API'

Please or to participate in this conversation.