I have been going through many tutorials this whole day, and my setup is exactly the same as in all the basic tutorials out there.
Currently, I'm able to access http://localhost/oauth/token, which successfully returns a token to me.
After that, I'm using ARC (Advanced REST Client) to test calling my own API.
I passed headers such as:

```
Authorization: Bearer the_token_here
accept: application/json
```

With those headers, I just wanted to access the default API route provided by Laravel, /user.
But I always get a response of { "message": "Unauthenticated." }
Refer to this tutorial: https://itsolutionstuff.com/post/laravel-5-how-to-create-api-authentication-using-passport-example.html
I'm able to log in as per the tutorial, but I'm unable to get data from the endpoint details. It returns a response of { "message": "Unauthenticated." }
My route in api.php:

```php
Route::group(['prefix' => 'v1', 'middleware' => 'auth:api'], function () {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});
```

By the way, there is no error message in laravel.log, and I have set debug mode.

UPDATE: Thanks to the comment pointed out by Mayank.

```
League\\OAuth2\\Server\\Exception\\OAuthServerException: The resource owner or authorization server denied the request. in /.../vendor/league/oauth2-server/src/Exception/OAuthServerException.php:173
Stack trace:
#0 /.../vendor/league/oauth2-server/src/AuthorizationValidators/BearerTokenValidator.php(59): League\\OAuth2\\Server\\Exception\\OAuthServerException::accessDenied('Missing "Author...')
#1 /.../vendor/league/oauth2-server/src/ResourceServer.php(82): League\\OAuth2\\Server\\AuthorizationValidators\\BearerTokenValidator->validateAuthorization(Object(Zend\\Diactoros\\ServerRequest))
#2 /.../vendor/laravel/passport/src/Http/Middleware/CheckClientCredentials.php(46): League\\OAuth2\\Server\\ResourceServer->validateAuthenticatedRequest(Object(Zend\\Diactoros\\ServerRequest))
```

In order to get a detailed error message of the cause, you need to go to the CheckClientCredentials class, detailed as below:

```php
public function handle($request, Closure $next, ...$scopes)
{
    $psr = (new DiactorosFactory)->createRequest($request);

    try {
        $psr = $this->server->validateAuthenticatedRequest($psr);
    } catch (OAuthServerException $e) {
        error_log($e->getHint()); // add this line to know the actual error
        throw new AuthenticationException;
    }

    $this->validateScopes($psr, $scopes);

    return $next($request);
}
```

Based on the error message in my question, the solution is adding this to the .htaccess of the root folder (not only inside the public folder):

```apache
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
```

There's also a note about this in the official documentation, refer here.
Without the above configuration, the Authorization header will be ignored during calls from anywhere to the app. Once it is ignored, the class will be unable to retrieve this header data.
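
A small diagnostic for the symptom described above, as an added example that is not part of the original post and not Passport's own code: it reports which place (if any) PHP can see the Authorization header in, and logs only the scheme and token length rather than the token. The function name `locateAuthorizationHeader` and the sample `$_SERVER` arrays are constructed for illustration.

```php
<?php
// Added diagnostic, not Passport code: reports where (if anywhere) the
// Authorization header is visible to PHP, without logging the token itself.

function locateAuthorizationHeader(array $server, array $headers = []): array
{
    // Places PHP may see the header, depending on SAPI and rewrite handling.
    $candidates = [
        'HTTP_AUTHORIZATION'          => $server['HTTP_AUTHORIZATION'] ?? null,
        // Apache prefixes env vars with REDIRECT_ after an internal redirect.
        'REDIRECT_HTTP_AUTHORIZATION' => $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0) {
            $candidates['getallheaders()'] = $value;
        }
    }

    foreach ($candidates as $source => $value) {
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        // Split "Bearer <token>"; report only the scheme and token length.
        $parts = preg_split('/\s+/', trim($value), 2);
        return [
            'found'        => true,
            'source'       => $source,
            'scheme'       => $parts[0],
            'token_length' => strlen($parts[1] ?? ''),
        ];
    }
    return ['found' => false, 'source' => null, 'scheme' => null, 'token_length' => 0];
}

// Constructed samples of $_SERVER as PHP might receive it.
$samples = [
    'header stripped before PHP'           => ['HTTP_ACCEPT' => 'application/json'],
    'rule applied, then internal redirect' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer sample.token.value'],
    'rule applied'                         => ['HTTP_AUTHORIZATION' => 'Bearer sample.token.value'],
];
foreach ($samples as $label => $server) {
    echo $label, ': ', json_encode(locateAuthorizationHeader($server)), PHP_EOL;
}

// On a live request, call:
// locateAuthorizationHeader($_SERVER, function_exists('getallheaders') ? getallheaders() : []);
```

If the live call reports `found: false` while the client is sending the header, the header is being dropped before PHP runs, which matches the 'Missing "Author...' hint in the stack trace.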