Previously I generated the auth token based on the user credentials and it worked fine.
I need to generate the token for guest users, for which I do not have the credentials.
So I followed token generation using custom claims in JWT; I implemented it using this link.
When I try to access the APIs using the custom claims token I am getting a 401 Unauthorized error.
I am using the previous auth system, in which the token is generated using the user credentials, and I also need the custom claims token to work.
Any help would be appreciated.
Check the guard on the middleware that controls your route or the resource you are trying to access.
I am creating a new REST API using Laravel 5.6. For API authorization I have implemented Passport and it is working fine.
However, I want a system where anyone who wants to access any route of my API, including register and login, needs a token.
I am thinking of it this way but am not so sure how I can implement it in Laravel.
1. I will issue one static token and will store it in the database.
2. I will encrypt that token and will provide it to the client, in my case a mobile app.
3. On the mobile side I will store the token in shared preferences so no one will have direct access.
4. When the mobile app sends a request to access any route of the API, it has to pass the token in the header with a custom key.
5. The API will decrypt the token and match it with the one in the database.
6. If it matches, that will allow access to the API.
Then later I may use the Passport token to add an additional layer of security.
My question is: how do I implement this system in Laravel so I don't have to write code for every request and all requests pass through this validation?
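One way to run the check described above on every API request without touching individual controllers is a Laravel middleware attached to the `api` group. This is an added example, not code from the question; the header name, table and column names are assumptions, and it stores only a hash of the issued token so a database leak does not hand out working tokens.

```php
<?php
// app/Http/Middleware/VerifyAppToken.php (added example; header, table and column names are assumptions)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class VerifyAppToken
{
    // Custom header the mobile client sends the app token in (assumed name).
    const HEADER = 'X-App-Token';

    public function handle(Request $request, Closure $next)
    {
        $presented = (string) $request->header(self::HEADER, '');

        if ($presented === '') {
            // Reject with JSON 401 rather than a redirect: API clients cannot follow a login page.
            return response()->json(['error' => 'missing app token'], 401);
        }

        // The app_tokens table (assumed) holds sha256(token), not the token itself, plus a revoked flag,
        // so an issued token can be rotated or revoked without redeploying the mobile app.
        $row = DB::table('app_tokens')
            ->where('token_hash', hash('sha256', $presented))
            ->where('revoked', false)
            ->first();

        if ($row === null) {
            return response()->json(['error' => 'invalid app token'], 401);
        }

        return $next($request);
    }
}

// Registration: add \App\Http\Middleware\VerifyAppToken::class to $middlewareGroups['api']
// in app/Http/Kernel.php (next to 'throttle:60,1' and 'bindings'), so every route in
// routes/api.php, including register and login, passes through it before any controller runs.
// Passport's auth:api guard can then be stacked on the routes that need a per-user token.
```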
So I am currently developing a web app that will use a Laravel API for future mobile use and Laravel Passport. My Passport is set up such that I used Postman to log in, register, and delete an account, the usual functions. The Laravel API also works independently, as I can make the requests from my routes.
Using Passport, I log in, and it returns a token, which, if I am correct, is the token that will be used for the API. Now upon creating the API, which will be accepting the forms/parameters to the main function for my app, how do I use the token I received from Passport with the API?
In the request to the API, do I need to ask for the user's token, and if so, how do I check that it's a token that can be used by my application? It's this middle part of connecting them I cannot understand, as I can make Passport work by itself and the Laravel API by itself; I'm just sending the posts/gets from Postman and getting my JSON responses that I'll use later for my JS frontend.
In config/auth.php replace api -> driver with password, and consequently you can use the same Auth::user() method to log in through Passport API tokens. Don't forget to pass the token as the Authorization header from the front-end side with the key Bearer.
You just need to install Passport and then you will get the client secret key.
Then you need to call the API using Passport's default route, like http://192.000.0.000:8000/oauth/token, with some parameters like:
client_id = 1,
client_secret = xxxxxxxxxxxxxxxx,
grant_type = client_credentials
username = hanna.stracke#example.org
password = secret
scope = *
Then hit the URL and you will get "access_token". Using the access_token you will log in the user.
Thanks,
I started with an API inside Laravel with the JWT package; another Laravel frontend installation should be able to log in to this Laravel API, but I'm not really sure how to handle this the right way.
My setup is like this:
Laravel API -> receives POST login -> returns a token and a user model -> Laravel frontend receives this data
But then what? How would I 'auth' the right way inside the Laravel frontend part?
Just set my own sessions and check that way? Any suggestions would be nice! :)
First you authenticate with the Laravel API, performing the POST request as you mentioned. This should provide you your JWT or access_token, along with a refresh token.
You then append this token to your requests in the Authorization header.
So the key is Authorization and the value will be Bearer <access_token>.
Finally your routes must have the correct middleware to require a valid token, for example the auth middleware.
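A concrete shape for the "then what" on the Laravel frontend side, following the answer above: log in against the API, keep the returned tokens in the frontend's server-side session, and send the Bearer header on every later call. This is an added example using Guzzle, not code from the question or answer; the API base URL config key, endpoint paths and JSON field names are assumptions, and it assumes the API's protected routes sit behind a token-checking guard such as auth:api.

```php
<?php
// app/Services/ApiSession.php (added example; config key, paths and field names are assumptions)
namespace App\Services;

use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;

class ApiSession
{
    private $http;

    public function __construct()
    {
        // services.api.url is an assumed config key holding the Laravel API's base URL.
        $this->http = new Client(['base_uri' => config('services.api.url'), 'timeout' => 5]);
    }

    // Step 1: POST credentials to the API and keep the tokens in the frontend session only
    // (server-side), never in a cookie or JavaScript-visible storage.
    public function login(string $email, string $password): array
    {
        $res  = $this->http->post('/api/login', ['json' => compact('email', 'password')]);
        $body = json_decode((string) $res->getBody(), true);
        session([
            'api.access_token'  => $body['access_token'],
            'api.refresh_token' => $body['refresh_token'] ?? null,
        ]);
        return $body['user'] ?? [];
    }

    // Step 2: every later request carries "Authorization: Bearer <access_token>".
    public function get(string $path): array
    {
        $token = session('api.access_token');
        if ($token === null) {
            throw new \RuntimeException('not logged in to the API');
        }
        try {
            $res = $this->http->get($path, ['headers' => ['Authorization' => 'Bearer ' . $token]]);
        } catch (ClientException $e) {
            // A 401 from the API means the guard rejected the token (missing, expired, revoked):
            // drop the stale session state instead of treating the user as still logged in.
            if ($e->getResponse()->getStatusCode() === 401) {
                session()->forget(['api.access_token', 'api.refresh_token']);
            }
            throw $e;
        }
        return json_decode((string) $res->getBody(), true);
    }
}
```

The frontend's own "am I logged in" check then reduces to whether the session holds an access token the API still accepts, so there is no separate frontend user table to keep in sync.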
I'm developing an API to connect a site to a new Magento store using OAuth.
I'm authenticating using the admin/oauth_authorize route and I've managed to get an access token and secret key to request resources, but it's not working.
I get
Invalid auth/bad request (got a 403, expected HTTP/1.1 20X or a redirect)
when I try to use the token.
I checked the user roles and it's set to a REST admin role I made. I also checked the user apps and it does register that I gave authorization.
Right now I'm testing with api/rest/products while setting the access and secret keys that I received after authorizing.
Is there something I might be missing, or could someone point me to some useful Magento OAuth roles usage information?
I'm using PHP OAuth to make the requests.
Btw, if I give access to Guest it does return product information, just in case.
It turns out I was missing proper OAuth construction when I tried to fetch the data; I just needed to add the right auth type.
I am using an OAuth plugin for CakePHP (thomseddon/cakephp-oauth-server) which I am having some issues with at the moment.
I want to be able to allow access to my CakePHP REST with two calls:
provision - This just adds a client id into my table.
auth - Using grant_type password I send over grant_type, username, password and client_id and get back an access token.
Both these actions seem to be in working order and I am getting an access token back. The problem is that after I gain access I am still being kicked out by CakePHP and redirected to the login page when I try to access one of the REST actions.
For example, once I have an access key I send a request to http://customer-server-2.dev/api/documents.json?access_token=xxxxxxxxxxxxxxxx
At this point I should have access because the access token is correct and works fine, but I don't; I get redirected to the login page.
If anyone can help me with this I would be eternally grateful.
There might be two problems:
Your access token may have expired. Get a new access token and check.
Check your scope when you are getting the access token.