jwt-auth icon indicating copy to clipboard operation
jwt-auth copied to clipboard

Published 20 hours ago verified publisher icon tymondesigns

Always return Unauthenticated in multiple auth guard

Open pandeptwidyaop opened this issue 6 years ago • 16 comments

Subject

I have followed all the steps in the JWT documentation, when I login and get access_token and try to access the route I always get an Unauthenticated message.

Environment

Q A
Bug? no
New Feature? no
Framework Laravel
Framework version 5.7.25
Package version 1.0.0-rc.3
PHP version 7.2.10

api.php

Route::group(['prefix' => 'auth'], function($q){
    Route::post('login','AdminController@login');
    Route::post('me','AdminController@me');
});

config/auth.php

'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'jwt',
            'provider' => 'admin',
        ],
    ],

'providers' => [
        'user' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'admin' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ],
    ],

Admin Model

<?php

namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Auth\User as Authenticatable;

class Admin extends Authenticatable implements JWTSubject
{
    public $incrementing = true;

    protected $table = 'admin';

    protected $hidden = [
        'password', 'remember_token', 'is_active'
    ];
	
    public function getJWTIdentifier()
    {
        return $this->getKey;
    }

    public function getJWTCustomClaims()
    {
        return [];
    }
}

AdminController

class AdminController extends Controller
{

    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    public function login()
    {
        $credentials = ['email' => request('email'), 'password' => request('password'), 'is_active' => 1];

        if (! $token = auth()->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->respondWithToken($token);
    }

    public function me()
    {
        return response()->json(auth()->user());
    }

    public function logout()
    {
        auth()->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }


    protected function respondWithToken($token)
    {
        return response()->json([
            'user' => auth()->user(),
            'token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60
        ]);
    }

PostMan

{
    "message": "Unauthenticated."
}

pandeptwidyaop avatar Feb 13 '19 01:02 pandeptwidyaop

@tymondesigns I am having the very same issue. any help on this would be very much appreciated. I am using version 0.5 in an app built with Laravel 5.3 and it has a key user in JWTconfig file but that key doesn't work for me in Laravel 5.8. I am using version dev-develop#f72b8eb as 1.0.0-rc.3.2 as mention on an issue #1765

mubassirhayat avatar Apr 16 '19 06:04 mubassirhayat

You are using that middleware twice - once in router, second time in controller itself. Either remove middleware group from router - because you have it in controller constructor, or use that route outside of that group.

MCFreddie777 avatar Apr 21 '19 18:04 MCFreddie777

Any update or solution on this... I am facing similar issue

RahulMaurya02 avatar May 11 '19 13:05 RahulMaurya02

MCFreddie777 you are right, thanks!!

infomanR avatar Jun 21 '19 03:06 infomanR

I encountered this error (although my default guard was 'web') and it turned out my token, passed as a param, was wrapped in quotes thereby preventing authentication. I removed the quotes before making the request and authentication worked as expected.

jwarshaw avatar Sep 19 '19 18:09 jwarshaw

I just had this exact same scenario when testing a copy of the web app. Login would return the token, but any subsequent call to a guarded route resulted in Unauthenticated.

Running php artisan jwt:generate created JWT_SECRET on .env and all was good.

dv336699 avatar Nov 04 '19 07:11 dv336699

I just had this exact same scenario when testing a copy of the web app. Login would return the token, but any subsequent call to a guarded route resulted in Unauthenticated.

Running php artisan jwt:generate created JWT_SECRET on .env and all was good.

Hi, I'm using the same way "jwt:secret" , but still get 401 Unauthorized , anyone can help? It can run on my localhost , but I put it into gcp then turns 401 ... someone can help?

I2C-RoyYou avatar Nov 15 '19 09:11 I2C-RoyYou

I have laravel v7 and jwt v1.0.0 same issue

jamal-rahimzadegan avatar Mar 25 '20 20:03 jamal-rahimzadegan

@pandeptwidyaop pandeptwidyaop Your Route Should be like this.

Route::group([ 'middleware' => 'api', 'prefix' => 'auth' ], function ($router) {
    Route::post('login', 'AuthController@login');
    Route::post('register', 'AuthController@register');
    Route::post('update', 'AuthController@update');
    Route::post('logout', 'AuthController@logout');
    Route::post('refresh', 'AuthController@refresh');
    Route::post('me', 'AuthController@me');
});

satya-kr avatar Jun 04 '20 18:06 satya-kr

Subject

I have followed all the steps in the JWT documentation, when I login and get access_token and try to access the route I always get an Unauthenticated message.

Environment

Q A Bug? no New Feature? no Framework Laravel Framework version 5.7.25 Package version 1.0.0-rc.3 PHP version 7.2.10

api.php

Route::group(['prefix' => 'auth'], function($q){
    Route::post('login','AdminController@login');
    Route::post('me','AdminController@me');
});

config/auth.php

'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'jwt',
            'provider' => 'admin',
        ],
    ],

'providers' => [
        'user' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'admin' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ],
    ],

Admin Model

<?php

namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Auth\User as Authenticatable;

class Admin extends Authenticatable implements JWTSubject
{
    public $incrementing = true;

    protected $table = 'admin';

    protected $hidden = [
        'password', 'remember_token', 'is_active'
    ];
	
    public function getJWTIdentifier()
    {
        return $this->getKey;
    }

    public function getJWTCustomClaims()
    {
        return [];
    }
}

AdminController

class AdminController extends Controller
{

    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    public function login()
    {
        $credentials = ['email' => request('email'), 'password' => request('password'), 'is_active' => 1];

        if (! $token = auth()->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->respondWithToken($token);
    }

    public function me()
    {
        return response()->json(auth()->user());
    }

    public function logout()
    {
        auth()->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }


    protected function respondWithToken($token)
    {
        return response()->json([
            'user' => auth()->user(),
            'token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60
        ]);
    }

PostMan

{
    "message": "Unauthenticated."
}

I am facing same issue. were you able to get it resolved? i need help

sirkenedy avatar Dec 11 '20 17:12 sirkenedy

Subject

I have followed all the steps in the JWT documentation, when I login and get access_token and try to access the route I always get an Unauthenticated message.

Environment

Q A Bug? no New Feature? no Framework Laravel Framework version 5.7.25 Package version 1.0.0-rc.3 PHP version 7.2.10

api.php

Route::group(['prefix' => 'auth'], function($q){
    Route::post('login','AdminController@login');
    Route::post('me','AdminController@me');
});

config/auth.php

'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'jwt',
            'provider' => 'admin',
        ],
    ],

'providers' => [
        'user' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'admin' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ],
    ],

Admin Model

<?php

namespace App;

use Tymon\JWTAuth\Contracts\JWTSubject;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Auth\User as Authenticatable;

class Admin extends Authenticatable implements JWTSubject
{
    public $incrementing = true;

    protected $table = 'admin';

    protected $hidden = [
        'password', 'remember_token', 'is_active'
    ];
	
    public function getJWTIdentifier()
    {
        return $this->getKey;
    }

    public function getJWTCustomClaims()
    {
        return [];
    }
}

AdminController

class AdminController extends Controller
{

    public function __construct()
    {
        $this->middleware('auth:api', ['except' => ['login']]);
    }

    public function login()
    {
        $credentials = ['email' => request('email'), 'password' => request('password'), 'is_active' => 1];

        if (! $token = auth()->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->respondWithToken($token);
    }

    public function me()
    {
        return response()->json(auth()->user());
    }

    public function logout()
    {
        auth()->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }


    protected function respondWithToken($token)
    {
        return response()->json([
            'user' => auth()->user(),
            'token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60
        ]);
    }

PostMan

{
    "message": "Unauthenticated."
}

I am facing same issue. were you able to get it resolved? i need help

yes , I solved ! I put token in url parameters , like "http://xxx.com?token=" then all problem solved! you can try!

I2C-RoyYou avatar Dec 14 '20 03:12 I2C-RoyYou

As mentioned above a solution that works for me is to send the token: "http://xxx.com?token=" Now there must be a solution to send it by bearer token

sbalex27 avatar Dec 21 '20 20:12 sbalex27

@sbalex27 I would suggest the following if you want to make use of the Authorization header Bearer token:

$input = [ 'email' => $request->getUser(), 'password' => $request->getPassword() ];

To login and receive the JWT token: $token = auth($guard)->attempt($input) ($guard is needed when you make use of multi guard auth models)

DebugTheCode avatar May 27 '21 08:05 DebugTheCode

I just had this exact same scenario when testing a copy of the web app. Login would return the token, but any subsequent call to a guarded route resulted in Unauthenticated. Running php artisan jwt:generate created JWT_SECRET on .env and all was good.

Hi, I'm using the same way "jwt:secret" , but still get 401 Unauthorized , anyone can help? It can run on my localhost , but I put it into gcp then turns 401 ... someone can help?

Same issue

Xpressglobe avatar Jun 03 '22 16:06 Xpressglobe

Acabei de ter exatamente o mesmo cenário ao testar uma cópia do aplicativo da web. O login retornaria o token, mas qualquer chamada subsequente para uma rota protegida resultaria em Unauthenticated. A execução php artisan jwt:generatecriou JWT_SECRET em .env e tudo estava bem.

Olá, estou usando o mesmo caminho "jwt:secret" , mas ainda recebo 401 Unauthorized , alguém pode ajudar? Ele pode rodar no meu localhost, mas eu coloco no gcp e dá 401... alguém pode ajudar?

Mesmo problema Bom, pra todos que estão tendo esse problema, uma coisa que pode funcionar é remover o construtor do AuthController. Pois se vc já está colocando aquela rota protegido pelo middleware no arquivo de rotas. Se Fizer isso em dois lugares (nas rotas e no controller) o laravel não irá entender.

ProgramacaoEco avatar Mar 02 '23 21:03 ProgramacaoEco

You are using that middleware twice - once in router, second time in controller itself. Either remove middleware group from router - because you have it in controller constructor, or use that route outside of that group.

This worked flawlessly. Thanks.

rzshss avatar Nov 14 '23 04:11 rzshss