jeudi 2 mai 2019

Laravel: Passport password grant client is always unauthenticated

I'm building a Laravel App, this app has an api that needs to be consumed from my Javascript and also it has to be able to be consumed by an external client.

So I setup my api to be consuming from my JS as is specified in the laravel Documentation (Consuming Your API With JavaScript)

Which basically is to add the trait to the user, and then add

'web' => [
    ...
    \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],

To the web array in the $middlewareGroups inside the Kernel.php file.

After that I test that I've access to my API from my JS, and it worked.

Then, I setup a new external client with php artisan passport:client --password When I got my client id and my client secret, I did an HTTP POST to the http://your.server/oauth/token route in order to get my acces_token.

So the request was basically this one:

curl -X POST \
  http://localhost:8000/oauth/token \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "grant_type": "password",
    "client_id": "3",
    "client_secret": "EQ4rriV9MxV6nn9b5kMvh8fKwzWG8butnPvkJgiI",
    "username": "email@myemaildomain.com",
    "password": "SomePassword",
    "scope": ""
}'

Then I send an HTTP GET to a route adding the authorization header:

curl -X GET \
  http://localhost:8000/me \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjVlNjM5ZjQ2ZjU4OWUxMWU4MzE4MzE2MDcyMDNiMzY0YmNlYTkwYjEzNDhlNGZkYjgwZmI5MDA3NDE1YTM5MTE4ZDdmODdmNGZiMGY4N2NiIn0.eyJhdWQiOiIzIiwianRpIjoiNWU2MzlmNDZmNTg5ZTExZTgzMTgzMTYwNzIwM2IzNjRiY2VhOTBiMTM0OGU0ZmRiODBmYjkwMDc0MTVhMzkxMThkN2Y4N2Y0ZmIwZjg3Y2IiLCJpYXQiOjE1NTY3ODQ1ODcsIm5iZiI6MTU1Njc4NDU4NywiZXhwIjoxNTg4NDA2OTg3LCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.Sk9PfFgbCElMqQ0A_iBOwSMbM2wjqe1FJ_pZl7L8EE_S_IJzQ1P445fCE22iqqN_jUdmkMEB96-hwgbnrhJp6feG5kA8B9KnNiVXOJq6BmU6qPTM-P5BT5vlCILKf7wFMaU2L2y0rjLw-Iq9JemadSOSl6TOxu7Ee8lYoM65QiRchalpW81yLb2ByucdLor3csTODFd0uxA6cmHnl2z5VGfXyFWEB413ptNauvocfq_n3G3FeH21Q0TzJTaHeUg2V-rvmAO6xfNX93bm1kBIRILTKCE-fz45g8Nay1aUcLdp1ac7keHse2AhAQpHfH5-Whnk57v-DCMlylJUK-J73hybcCPaV364JQOyFvg4ChrhFkZZwG8PZ2tvLzNrh-2wsJs7hUqYBkApzObCvzpsGT28szO9sNcxJLcsK_hfHSiKrh3q4Ys6IeVwhxKQ7INk5jOueQGa5THjQayJgBdfl1Dns2mpEkbCjugzSjkzwVIqHgsUhSR4R-pPCyoVR8KDJ5cHEA4sVlV_CLjeipkUdijZqbNYXQzqOYhJHAbjz06_ccEogMTg1VgYMjyMWa0YP2zxdeS_pslJnK8EjjGVlismgdPUwjAsCbe7fuENMJYst8wJfgw1f5poBC_sEUjm7cUHiIe0lvL7fWkca9VEiRhH_-T9iv4V_8AN1ztuv0g' \

But all the responses says that I'm unauthorized.

I'm using the php artisan serve, so I don't think this is a problem with the server. Could it be a problem with the fact that I'm consuming the API from my JS?

Thanks in advance



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire