Level 41
For Auth::user(), the user information is kept in the session.
When you are doing a curl, there is no session. So Auth::user() is null
Jul 12, 2017
6
Level 1
API call with cURL resolves Auth::user() to NULL while HTTP call in browser works fine
Hello, I am really stuck on this weird thing. I made API calls, routes etc, and it all works fine when I test it in browser. For example this
http://appsforce.back/api/v1/100000001/env
Returns
{"code":200,"message":"Request was succesfull","data":{"host":"127.0.0.1","dbuser":"root","dbpassword":"","dbprefix":"back_"}}
While:
$url = $_SERVER['HTTP_HOST'] .'/api/v1/100000002/env';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTPGET, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response_json = curl_exec($ch);
curl_close($ch);
$response=json_decode($response_json, true);
Returns same result. So far is so good if I don't use in my code call to Auth::user();
So this is the code that returns result:
$user = \Auth::user();
$env = array(
'host' => $_ENV['DB_HOST'],
'dbuser' => $_ENV['DB_USERNAME'],
'dbpassword' => $_ENV['DB_PASSWORD'],
'dbprefix' => $_ENV['DB_PREFIX']);
$response = array(
'code' => 200,
'message' => $this->codes['200'],
'data' => $user,
);
return $response;
If I put 'data' =>$user this returns NULL, while 'data' => $env returns correct $_ENV settings when called via cURL.
For my APIs I need to use \Auth::user() and I just cannot get it to work through cURL while HTTP calls in browser work just fine and the user is returned:
{"code":200,"message":"Request was succesfull","data":{"id":10,"username":"afabris","firstname":"Andre","lastname": .....
many thanks, Andre
Level 1
Ok, that makes sense, so how do I work around it?
Level 41
While I dont know that very well, i think for Api you can use token for authentification.
Have a look at https://laravel.com/docs/5.4/passport
Level 1
Hm, I actually do not need and cannot use tokens. I log in user in Laravel, and manage their access to external applications. So external application should call APIs in Laravel, and fetch the environment settings as well as logged in user, their roles etc. When the external application starts it does not know the logged in user and cannot get its token.
External application is on the same server, and it has access to the session, and I wanted to use cURL to fetch some data. As you said there is no session in cURL, and therefore stuff like Auth::user() fails. I need to somehow use the same session in cURL call, or use some alternative to cURL which would maintain the same session. I googled this extensively, tried a number of ideas, but still failed. Any ideas are welcome :)
I have no idea is it at all possible to fetch the user token based on session info that I have in external information.
Level 47
Are these external applications on the same domain as the Laravel application the user is logging into? If not then they will not have the same cookies and thus cannot share session data.
Assuming the applications do share cookies you would have to add the current session cookie to the request.
The name of the cookie is defined in the session.php config file and defaults to laravel_session.
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: laravel_session={$_COOKIE['laravel_session']}"));
Level 1
Many thanks guys for your help. Adding cookie was part of the solution. I also had to edit auth.php, to use session as a driver for APIs as well:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'session',
'provider' => 'users',
],
],
Please or to participate in this conversation.