Reputation: 135
Laravel passport scope middleware return 401
I followed Laravel documentation and successfully installed Passport. Everything is working fine but when i want to protect routes by scope middleware i always get 401 unauthorized.
When i change the middleware to auth:api everything is ok.
I checked the request headers and Bearer always present.
Any idea about why auth:api middleware works but scope middleware doesn't?
Upvotes: 0
Views: 569
Answers (1)
Reputation: 676
Actually you would need to use both to make this work. You should leave auth:api for entire API group (this will verify token and find out to which user it belongs), and additionally define set scope (or scopes) middleware for routes you want to secure with specific scope. For example:
Route::group(['prefix' => 'api', 'middleware' => ['auth:api']], function () {
Route::get('/route-for-any-scope', 'Api\YourController1@index');
Route::get('/route-for-scope1-only', 'Api\YourController2@index')->middleware('scope:scope1');
}
The above assumes, you have scope/scopes middleware registered in $routeMiddleware as per documentation.
Upvotes: 2
Related Questions
- Laravel Passport API call always return Unauthenticated
- Laravel Passport Not Returning Token
- Login using passport not return bearer token instead - Laravel 8
- laravel passport optional authentication
- Laravel Auth Middleware "auth:api"
- Laravel Passport and Angular giving me unauthorized on api/login route but works fine on postman?
- Laravel Middleware - Skip Passport Auth
- Laravel API passport - Unable to login
- Laravel Passport "auth:api" middleware acts as "web, auth" middleware
- Laravel 5.4 401/Unauthenticated using Passport and multiple token types