Jason Spick

Reputation: 6088

Reading Authorization header for JWT Token using Laravel 5, CORS, and JWTAuth

I'm having a really hard time figuring this out. I am using JWTAuth on my Laravel 5 API and I'm having a problem with the token being read. This is what I know and tried:

I have set my CORS configuration to allow all headers for my API path:

    return array(
        'defaults' => array(
            'supportsCredentials' => false,
            'allowedOrigins' => array(),
            'allowedHeaders' => array(),
            'allowedMethods' => array(),
            'exposedHeaders' => array(),
            'maxAge' => 0,
            'hosts' => array(),
        ),

        'paths' => array(
            'api/*' => array(
                'allowedOrigins' => array('*'),
                'allowedHeaders' => array('*'),
                'allowedMethods' => array('*'),
                'maxAge' => 3600,
            ),
            '*' => array(
                'allowedOrigins' => array('*'),
                'allowedHeaders' => array('Content-Type'),
                'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
                'maxAge' => 3600,
                'hosts' => array('api.*'),
            ),
        ),

    );

I have added the following to Apache's sites-enabled conf file:

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

And I can see in Chrome tools that headers are being passed back with the correct token and in the correct format: `Authorization: Bearer tokenstring`

Can anyone see what I may be doing wrong? Does anyone know of issues with this?

Upvotes: 2

Views: 1816

Answers (2)

Yousef Altaf

Reputation: 2763

On my AWS EC2 server I had to edit my /etc/apache2/apache2.conf file and, at the very bottom, paste:

    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

and then in my .htaccess:

    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

This worked as expected.

Upvotes: 0

Jason Spick

Reputation: 6088

I see where my issue is. According to the documentation on the JWTAuth GitHub page:

Note to Apache users

Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

I thought Apache config meant the 000-default.conf file. I was in error. In fact this was supposed to be done in the .htaccess file. Once done... POOF, everything works!

Upvotes: 4
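
A way to check whether the header reaches PHP at all, added here as an example and not taken from either answer or from JWTAuth: it looks for a Bearer token in the places Apache may leave it and reports only where it was found, never the token itself. The function name `find_bearer_token` and the sample values are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not from the thread. find_bearer_token() is a hypothetical helper.

/**
 * Return [source, token] for the first place a Bearer token is found, or null.
 * $server is a $_SERVER-style array; $headers is a name => value header map.
 */
function find_bearer_token(array $server, array $headers = []): ?array
{
    $candidates = [
        // Set by the RewriteRule / SetEnvIf lines quoted in the thread.
        'HTTP_AUTHORIZATION' => $server['HTTP_AUTHORIZATION'] ?? null,
        // Apache prefixes environment variables with REDIRECT_ after an internal redirect.
        'REDIRECT_HTTP_AUTHORIZATION' => $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    foreach ($headers as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates['request headers'] = $value;
        }
    }
    foreach ($candidates as $source => $value) {
        // Accept only "Bearer <token>"; Basic credentials are not a JWT.
        if (is_string($value) && preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
            return [$source, $m[1]];
        }
    }
    return null;
}

// Constructed sample inputs. On a live request, pass $_SERVER and
// (function_exists('apache_request_headers') ? apache_request_headers() : []).
$cases = [
    'header dropped by Apache'     => [[], []],
    'set by the rewrite rule'      => [['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    'after an internal redirect'   => [['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'], []],
    'only in raw request headers'  => [[], ['authorization' => 'Bearer aaa.bbb.ccc']],
    'Basic credentials, not a JWT' => [['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []],
];

foreach ($cases as $label => [$server, $headers]) {
    $found = find_bearer_token($server, $headers);
    // Report the source only, so the token never ends up in logs or output.
    printf("%-30s %s\n", $label, $found ? "token found in {$found[0]}" : 'no Bearer token visible to PHP');
}
```

If the live call reports no token while the browser shows the header being sent, the rewrite lines are not being applied to the request, which is the situation both answers describe.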
