i can't seem to consume my own Laravel API with Axios, i have tried almost all solutions i came across
can someone please help me out,
i have properly:
Installed.
Registered passport service provider.
Migrated and generated passport keys.
Added HasApiTokens trait into my user model.
Added Passport::routes() into AuthServiceProvider.php.
Change my config\auth.php.
Added \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class into last place my web middleware group. as per the laravel documentation for consuming own api with javascript.
i have tested it with Axios inside vue components in a web browser normal web login. and through postman: api-login, using the returned token to make api call it works on my development machine. But on my production server(Shared Hosting) it keeps returning "Unauthorized" in web browser using web login and using Axios within vue component, and API call in postman returns "Unauthorized" too after login i get a token with i use in making the Postman call.
i checked the request headers are sent too:
x-csrf-token
x-xsrf-token
and also included in the cookie header
Please, ensure the following things as you are running laravel on shared hosting.
Check your root URL set properly with a public folder or You have moved the files of the public folder into the root.
Most importantly check you have .env file & all the files & folders have the proper permissions.
Also, check all the PHP modules (laravel requirements) that are loaded properly with the proper PHP version.
If above steps are correct, then the problem might be your shared server using fcgi rather than regular PHP module. Hence, HTTP_AUTHORIZATION failing there. You can add following codes into the .htaccess file RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.+)$ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] that should do HTTP_AUTHORIZATION & solve the problem.
I hope these fix your problem.
Related
I have created this small app using laravel + vue js 2 years ago. It has been working fine till now but the server guys moved it to different server and suddenly I have started getting "unauthenticated" error on all pages.
The login form works and it generates the personal access token nicely, but when I use that personal access token anywhere on this portal like this "Bearer MY_PERSONAL_ACCESS_TOKEN", it doesn't work.
Is there any additional step I have to do after moving the files to different server? The URL are all same, its just the server is changed. I have also tried running php artisan passport:install but it doesn't fix the issue. I have hundreds of user accounts stored on this DB and now they are unable to use any features.
Any idea how I sort this issue?
Have you tried typing this into the console?
php artisan key:generate
Add these lines in your .htaccess on your server files.
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
My VueJS/Laravel site is running https by default but somehow there is an endpoint that when called is still on http instead of https. This project wasn't developed by me and I have limited knowledge on Laravel. Nginx configuration seems to be fine, where would the issue be most probably? I'm not sure where to start looking. Somehow this app is able to run without having to use URL::forceScheme('https'); and again nginx seems to be good (since by default the site is already on https). Most parts of the api call https save to just one URL. Why does this happen?
The application are using vue components? If yes, so check into the components where the ajax is sending the URL and check if it is setting the URL endpoint with http.
Is recommended to set the URL endpoint domain variable into a .env file and call the URL endpoint domain variable into the URL endpoint param on ajax method.
On this way you has no risk of send a different URL endpoint.
I'm putting an app into production in Laravel for the first time. I know that index.php is the entry point to a Laravel app, but my app has no front end. It is an API with a list of routes in routes/api.php. How can I expose this to index.php (and my hosting provider)?
I've been developing a Symfony app (learning Symfony with the goal of replacing an existing "old school" PHP script with it) and am having an issue with putting it "behind" our Shibboleth authentication.
Why do that? For this app I need $_SERVER['REMOTE_USER']. The app doesn't have local accounts, the user doesn't log into the app, but, like many resources, we protect them with some form of authentication.
I have two sites - virtual hosts running on the same physical server. (CentOS 7). The first site has the following in its .htaccess file:
authtype shibboleth
ShibRequestSetting requireSession 1
require valid-user
I have a "phpinfo.php" file in there, too, and can run that script and, after the Shibboleth authentication step, get the output which includes the correct value of REMOTE_USER.
The other virtual host is set up as a Symfony 3.1 app. I've added those three lines to the top of its ".htaccess" file - but after going through the Shibboleth authentication step, the browser gets into a loop and goes no farther. (In Chrome, the 'favicon' is replaced with a looping arrow, and it never stops turning.)
If I hit and then view the source of this still-empty page, I see the following error message:
Error Message: Error decoding authentication request message
I'm not sure how to start to resolve this issue, and was hoping that someone has seen this and knows how to help.
Thanks.
Best,
Stephen
If I understand well, you are trying to make the Service Provider part in Symfony and you already have an IDP working with Shibboleth.
In my case I had also a similar problem and it was because after the Assertion the apache SP was returning to the root URL. I learnt after reading a lot of documentation that if this is not set correctly you can add an attribute in the shibbolet2.xml configuration called homeURL:
<ApplicationDefaults entityID="https://sso/saml2/idp/metadata.php"
REMOTE_USER="mail"
homeURL="https://symfonyApp/redirect/after/login">
Try it out and restart the shib daemon: /etc/init.d/shibd restart
It may be another as well. But it sounds to me that there is some misconfiguration in your SP side.
So, I had a working application on a turnkey VM using slim and I decided to move it all to a hosted server when I started having issues with Slim. I got 404 on my endpoint calls. I then brought up fiddler and did a call directly to the index.php that contains the Slim endpoints. I got 404 on that. I then removed all the Slim code from index.php and called it again. This time I got 200. Adding back in the slim code a line at a time it didn't bring back 404 until I brought back
$app->run();
The test calls from fiddler where all directly to index.php and not to an endpoint within it.
Does anyone know what I need to do here? I have no rewrite rules set up in my htaccess.