Laravel passport returning Unauthenticated in production but works on localhost

Question

I have a laravel project that works very well on an X server and put that same project (same code) on another Y server, to my surprise the authenticated routes didn't work, I always get the unauthenticated error, why does this happen?

{
  "message":"Unauthenticated.",
  "success":false,
  "status_code":500
}

I used the commands: - php artisan passport: install - php artisan config: cache - php artisan cache: clear - php artisan key: generate

And yet I still get the unauthenticated error, the token is being passed correctly by the front end, it's a bearer token, this token is generated when the user logs in using the createToken ('myApi') -> accessToken method

public function login(AuthLoginRequest $request)
{
    $user = User::with('role')->where(['email' => $request->email])->get()->first();
    if(!$user){
        abort(404, 'userNotFound');
    }

    if(!password_verify($request->password, $user->password)){
        abort(401, 'invalidCredentials');
    }

    $token = $user->createToken('MyApiToken')->accessToken;
    Access::customCreate($request->all(), $user);

    $response = [
        'id' => $user->id,
        'name' => $user->name,
        'email' => $user->email,
        'profile_image' => $user->profile_image,
        'token' => $token,
        'old_password_changed' => $user->old_password_changed
    ];

    return response()->json($response, 200);
}

The login code works perfectly, it returns me the Bearer token, but after sending any request with this token I get the Unauthenticated error. Where am i going wrong? Since the same code works on another server.

Answer 1

Sometimes it maybe the permission issues, give the full access to storage and cache folder will do the trick, if your sever is Linux based.

sudo chmod -R 777 storage bootstrap/cache

Answer 2

Put these lines into your .htaccess file it will definitely work

Handle Authorization Header

RewriteCond %{HTTP:Authorization} RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Answer 3

I have a solution.

What was the problem?

For some reason, the Apache server has modules that ignore the Authorization header, say it's for security (and I don't doubt it).

How did I solve it?

I simply disabled the following modules in the Apache settings:

• mod_cgid
• mod_fcgid
• mod_proxy_scgi

And in the httpd.conf file I added the line (Linux/CentOS 7.6):

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Answer 4

I suspect there may be the CORS (Cross origin resource sharing). Please provide more info on consuming the API's, is your front-end (Client) in same domain? than there will be no CORS issues, but if you are front-end is in different domain than check the console of browser in front-end. if still the issue persists than try de-bugging the Laravel it self.

I have faced similar issue. Adding following things fixed the issue for me. in app/Providers/AppServiceProvider.php

public function boot()
    {
        Passport::withoutCookieSerialization();
    }

and also in app/Providers/AuthServiceProvider.php

 public function boot()
    {
        $this->registerPolicies();
        Passport::routes();
        Passport::$ignoreCsrfToken = true;
    }

Edit : My front-end is React js and i am using axios http client to make the API calls , so i added the following headers. I am saving the token in local storage some thing like this

const token = localStorage.getItem('authKey');
config = {
            'Accept' : 'application/json',
            'Authorization' : `Bearer ` + token
        }
URL = 'your-api-url';

axios.get(URL, {headers : config})
            .then(res => {
              if (res.data && res.data.status === 1) {

              } 

            })
            .catch(e => {console.error(e); throw e;});
        }