Using passport for api authentication, everything working fine, I can create token, revoke and etc but problem is it won't expire.
AuthServiceProvider.php
public function boot()
{
$this->registerPolicies();
if (! $this->app->routesAreCached()) {
Passport::routes();
Passport::tokensExpireIn(Carbon::now()->addMinute(1));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
Passport::personalAccessTokensExpireIn(Carbon::now()->addMinute(1));
}
}
auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'sellers',
'hash' => false,
],
],
api.php
Route::middleware('auth:api')->group(function () {
... routes...
It should expire token after 1 minute! but nothing happen, still can access to those protected routes, I'm not laravel expert, should I do something more? or I missed something to do?
Related
'Route [login] not defined ..'
I'm new to Laravel. I want to make a login system myself, but I still have not solved this error. I am logging in but the user appears blank on the other page, I still cannot control it. I want to use the user restrictions on other pages, how can I do this.
web.php
Route::post('login', [userLogin::class, 'loginPost'])->name('login.post');
Route::get('student/home', [studentHome::class, 'index'] )->name('student.home')->middleware('auth:students');
Route::get('/', function () {
return view('login');
userLoginController.php
public function loginPost(Request $request)
{
if(auth::guard('students')->attempt(['email'=>$request->student_mail,'password'=>$request->student_password],false))
{
//dd(Auth::guard('students')->check());
return redirect()->intended('student.home');
}
else
{
echo "yannlış";
}
}
auth.php
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'students' => [
'driver' => 'session',
'provider' => 'students',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'students' => [
'driver' => 'eloquent',
'model' => App\Models\students::class,
],
You are missing the login route which is used to display the login form. Try naming your root:
Route::get('/', function () {
return view('login');
})->name('login');
Or you can add a separate route depending on what you are looking for.
Route::get('login', [UserLogin::class, 'showLoginForm'])->name('login');
I run into this error when i was learning creating an API using laravel passport middleware, it redirects by default to the GET login route, so i had to add like the previous comment said in my web.php.
Route::get('/login', function () {
return view('login');
})->name('login');
I'm using laravel passport and trying to consume the api. After following the docs, everything is good but after a few days, the auth:api keeps returning 'message: "Unauthenticated."' I checked the docs multiple times and couldn't figure out what went wrong. I've also cleared all cache and configs but still the same result. The laravel_token is present in the request header.
Api.php
Route::middleware(['auth:api'])->group(function () {
Route::resource('comment', 'API\CommentController');
Route::resource('notification', 'API\NotificationController');
});
Auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
'hash' => false,
],
],
User.php
use Laravel\Passport\HasApiTokens;
class User extends Authenticatable
{
use Notifiable,HasApiTokens;
}
AuthServiceProvider
public function boot()
{
$this->registerPolicies();
Passport::routes();
}
Kernel.php
'web' => [
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, //last
],
when I use auth api gaurd for logout route. I am facing with the following Exception
Auth guard [:api] is not defined
I have already implemented registration login Apis but I am facing this error with logout api which I had protected using auth::api
config.auth file
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
api.php
Route::group(['prefix'=>'auth'],function(){
Route::post('login','AuthController#login');
Route::post('signup','AuthController#signup');
Route::group(['middleware' => 'auth::api'], function () {
Route::get('logout','AuthController#logout');
Route::get('user','AuthController#user');
});
});
I should be able to logout the user
If you are using Laravel 9+ and Passport, you need to implemented this inside the guard array on config/auth.php file:
'guards' => [
...
// you need to implement this
'api' => [
'driver' => 'passport',
'provider' => 'users',
'hash' => true,
],
],
You have an extra colon in your code, that's why it is trying to find the guard :api.
According to the docs:
Middleware parameters may be specified when defining the route by
separating the middleware name and parameters with a :. Multiple
parameters should be delimited by commas:
Route::put('post/{id}', function ($id) {
//
})->middleware('role:editor');
So in your case it would be:
Route::group(['prefix' => 'auth'], function () {
Route::post('login','AuthController#login');
Route::post('signup','AuthController#signup');
Route::group(['middleware' => 'auth:api'], function () {
Route::get('logout','AuthController#logout');
Route::get('user','AuthController#user');
});
});
I had the same issue, it seems that i forgot to change Authentication Defaults
so in config/auth.php change this
'defaults' => [
'guard' => 'web',
....
],
into this
'defaults' => [
'guard' => 'api',
....
],
I had implemented custom auth in L5.2. I had followed those same steps but, I am not able to login/signup with custom auth. Following is the setup:
in auth.php i added customers custom auth:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
'customers' => [
'driver' => 'jwt',
'provider' => 'customers',
],
],
// Providers Section
providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'customers' => [
'driver' => 'eloquent',
'model' => App\Customer::class,
],
],
Then in routes/api.php I added following code after removing middleware from RouteServiceProvider.php
Route::group(['middleware' => 'customers'], function() {
Route::post('login', 'JwtAuth\LoginController#login'); //Had made new auth for JWT
}
When I hit this login, instead of Customer table, Auth is done from User table!!
I also tried with following code inside Controller\JwtAuth\LoginController.php :
public function login(Request $request)
{
$credentials = $request->only('email', 'password');
$customer = Auth::guard('customers')->attempt($credentials);
try {
// attempt to verify the credentials and create a token for the user
if (!$token = JWTAuth::attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 401);
}
} catch (JWTException $e) {
// something went wrong whilst attempting to encode the token
return response()->json(['error' => 'could_not_create_token'], 500);
}
// all good so return the token
return response()->json(compact('token'), Response::HTTP_OK);
}
This code throws error as:
Auth guard driver [customers] is not defined.
In my \App\Http\Kernel.php under protected $middlewareGroups i had added:
'api' => [
'throttle:60,1',
'bindings'
],
'customers' => [
'throttle:60:1',
'bindings'
]
Is there any change in token driver or custom driver. Or how to define custom Auth driver?
Any help/guidance would b much appreciated. Thanks in advance.
Auth Guard driver is defined in config/auth.php
Like below
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'jwt',
'provider' => 'users',
],
'customers' => [
'driver' => 'jwt',
'provider' => 'customers',
],
],
and also add in providers like
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'customers' => [
'driver' => 'eloquent',
'model' => App\Models\Customer::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
Try to clear the config cache php artisan config:clear or rebuild it php artisan config:cache
You will have to also extend your authentication by adding this to the boot() method of your app's AuthServiceProvider:
public function boot()
{
$this->registerPolicies();
Auth::extend('customers', function ($app, $name, array $config) {
return new CustomersGuard();
});
}
See the documentation for adding custom guards
I am trying to login from two different model using same login form. I have defined admin guard in config/Auth.php. But when I define admin guard in Foundation/AuthenticateUsers it checks the database table to validate the user but redirects back to same login form.
config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Admin::class,
],
Foundation/AuthenticatUsers
protected function guard()
{
return Auth::guard('admin');
}
public function login(Request $request)
{
$credentials = $this->credentials($request);
if (Auth::guard('web')->attempt($credentials, $request- >has('remember'))) {
return $this->sendLoginResponse($request);
}
elseif(Auth::guard('admin')->attempt($credentials, $request->has('remember')))
{
return $this->sendLoginResponse($request);
}
}
Admin guard redirects to login page because of middleware auth, i think you need to do something like this
public function __construct()
{
$this->middleware('auth:admin');
}
Read this Protecting Routes, part "Specifying A Guard"