Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I've and App with API. In this app, there're a route for login via API, and get a new token for use with api midddleware auth.
I've tested with Postman and work fine
{
"success": true,
"data": {
"token": "3|TSYAMjT3MOhUh8A4M8e2thOwv89jvEjoUP279z56",
"name": "Admin"
},
"message": "User signed in"
}
When try to test
function call_api_login_return_token()
{
$password = bcrypt('password'); // Also tried Hass::make('password')
$user = User::factory()->create(['password' => $password]);
$params = [
'email' => $user->email,
'password' => $password
];
$response = $this->postJson('api/login', $params, ['Accept' => 'application/json']);
$response->dump();
}
Get error Unauthorised
{#1749
+"success": false
+"message": "Unauthorised"
+"data": {#1752
+"error": "Unauthorised"
}
}
I've tried check database test (deactivate refresh) and user is correct.
$password = bcrypt('password');
$params = [
'email' => $user->email,
'password' => $password,
];
$this->postJson('api/login', $params)
You have to send unhashed password, something like
$params = [
'email' => $user->email,
'password' => 'password',
];
You are trying to login with the hashed password, rather than the unhashed (original) value:
$params = [
'email' => $user->email,
// 'password' => $password
'password' => 'password',
];
Please or to participate in this conversation.