Laravel Auth simple API always returning Unauthorized 401 error

Question

This is driving me crazy... All is suppossed to be correct and im ALWAYS getting unauthorized error in my API routes!!

Api.php routes:

Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();

});

RegisterController:

    protected function create(array $data)
{
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => Hash::make($data['password']),
        'api_token' => Str::random(80),
    ]);
}

Database:

Request:

Accept application/json is set:

I tried too using jquery to make the request with a query parameter api_key but it doesnt work either!!

I searched a lot and can't solve this. I have another fresh application with Laravel and auth and it works perfect but this project is old and i recently updated it to Laravel 7 and I don't know why this dont works.

More info:

Im using php artisan serve to serve the application.

My kernel.php:

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel { /** * The application's global HTTP middleware stack. * * These middleware are run during every request to your application. * * @var array */ protected $middleware = [ \App\Http\Middleware\TrustProxies::class, \App\Http\Middleware\CheckForMaintenanceMode::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, ];

/**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
        'auth:api',
    ],
];

/**
 * The application's route middleware.
 *
 * These middleware may be assigned to groups or used individually.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    'language' => \App\Http\Middleware\GetRequestLanguage::class,
    'setLocale' => \App\Http\Middleware\SetLocale::class,
];

/**
 * The priority-sorted list of middleware.
 *
 * This forces non-global middleware to always be in the given order.
 *
 * @var array
 */
protected $middlewarePriority = [
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \App\Http\Middleware\Authenticate::class,
    \Illuminate\Routing\Middleware\ThrottleRequests::class,
    \Illuminate\Session\Middleware\AuthenticateSession::class,
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
    \Illuminate\Auth\Middleware\Authorize::class,
];

}

Thank's you... I hope you can help me...

Answer 1

It's because you are not sending the Authorization token with your request.

If you have your token, then include the authorization in the header of your request

axios({method: 'get', url: 'api/user', headers: {
      'Authorization': 'Bearer ' + yourToken,
    }})
    .then((response)=>{ 
      console.log(response.data)
    })

I say this because there's usually additional steps for the api to work, but if it works in your get parameter, then thats all you need

OR better still, pass it by default for all request

//js/main.js

axios.defaults.headers.common = {
    'X-CSRF-TOKEN': your_csrfToken,
    'X-Requested-With': 'XMLHttpRequest',
    'Authorization': 'Bearer ' + yourToken,
    
};

Answer 2

I found the solution.

When I upgraded from Laravel 6 to 7 I didn't change this in auth.php:

from 'hash' => 'false' to 'hash' => false, without quotes... This nonsense gave me a headache and finally I found that it causes the problem.

        'api' => [
        'driver' => 'token',
        'provider' => 'users',
        'hash' => false,
    ],

Answer 3

you just need to send your token as Body in postman like this example picture of sending authentication by postman you must send your token in body(form data) and the key of your token must be api_token