I am developing a project using Vue, laravel, and passport.
I had access to the API routes using the auth: API middleware so I didn't use laravel session login system, but I want to access the authorize route that passport offer but passport requires web middleware, not API.
I added a passport in a driver for 'web' in guards array in config/auth.php
'guards' => [
'web' => [
'driver' => 'passport',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
using postman I sent a GET request to the route with header containing Authorization token and responded correctly.
but when I opened it in the browser it gave me Route [login] not defined. since it doesn't have the Authorization token header
Is there any way it can work through?
In other words, I think the solution of this is sent the token as a header to the passport authorize page which I didn't had access to.
Thanks in advance for any help :)
Related
I am trying to integrate Laravel socialite to my project, i am coming across the following error
Access to XMLHttpRequest at 'https://github.com/login/oauth/authorize?client_id=6b87b76a942a90caec24&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fgithub%2Fcallback&scope=user%3Aemail&response_type=code&state=ZLzrBzsFH6YVKpat3yZ5a2G6vLd0wWedFRwFRXoc' (redirected from 'http://localhost:8000/github') from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The issue is when i press sign in with github button i get the above error
Error Picture
cors.php file
'allowed_methods' => ['*'],
'allowed_origins' => ['http://localhost:8000'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
am using the Fruitcake/laravel-cors package
protected $middleware = [
\Fruitcake\Cors\HandleCors::class,
];
Where am i going wrong?
Access to XMLHttpRequest at 'https://github.com/...' (redirected from 'http://localhost:8000/github') ... blocked by CORS policy
You are not Github.
The code running on your Laravel application is not running on github.com.
You cannot grant permission to your JavaScript to read data that Github is sending to the user's browser.
In broader terms, you've gone very wrong somewhere in your attempt to implement OAuth. You are making an Ajax request where you need to make a request that navigates the browser to Github for the user to interact with their login UI.
I have been trying to get subdomains working with Laravel Sanctum for about 2 hours tonight, I had it working when my SPA was at app.domain.com and my api was at domain.com but now I need to move the api to be hosted at api.domain.com but for whatever reason when both the session_domain and the sateful_domain are subdomains things get all wacky. Wondering if anyone has had similar issues. Can't find anything helpful online either.
.env file
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_SECURE_COOKIE=true
SESSION_DOMAIN=.domain.com
SANCTUM_STATEFUL_DOMAINS=app.domain.com
config/cors.php
'paths' => ['api/*', 'login', 'logout', 'register', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
Kernel.php
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class
],
CSRF protection is working fine, and I am able to "login" but any request after the successful login 401's and every time I login again another cookie is added to the browser.
I have followed everything on the laravel docs, would love some help here if someone has the time / has ran into this before
All of my api routes are guarded with Route::group(['middleware' => 'auth:sanctum']
I have even tried the findings from this post and still no dice.
Laravel Sanctum auth:sanctum middleware with Angular SPA unauthenticated response
I'am working on a old project in laravel 5.5. It going file till date. But now I am configuring Laravel Socialite, added all the provider credentials to services.php. But when redirecting to provider, system throws an error, formatRedirectUrl() must be of the type array, null given.
So I checked if the providers are set correctly. To check that I used config('services.facebook.client_id'), but it returns nothing.
Note:
I have tried clearing cache: php artisan config:clear
Caching again: php artisan config:cache
Tried config('app.name') which is returning app name as expected.
Any idea what's the reason of this unexpected behaviour?
services.php:
<?php
return [
/*
|--------------------------------------------------------------------------
| Third Party Services
|--------------------------------------------------------------------------
|
| This file is for storing the credentials for third party services such
| as Stripe, Mailgun, SparkPost and others. This file provides a sane
| default location for this type of information, allowing packages
| to have a conventional place to find your various credentials.
|
*/
'facebook' => [
'client_id' => env('FACEBOOK_CLIENT_ID'),
'client_secret' => env('FACEBOOK_CLIENT_SECRET'),
'redirect' => env('CALLBACK_URL_FACEBOOK'),
],
'google' => [
'client_id' => env('GOOGLE_CLIENT_ID'),
'client_secret' => env('GOOGLE_CLIENT_SECRET'),
'redirect' => env('CALLBACK_URL_GOOGLE'),
],
'twitter' => [
'client_id' => env('TWITTER_CLIENT_ID'),
'client_secret' => env('TWITTER_CLIENT_SECRET'),
'redirect' => env('CALLBACK_URL_TWITTER'),
],
];
I have a local apache2 server running humhub 1.3.14.
My goal is to set Keycloak located on my rancher cluster as the authentication provider for humhub.
After selecting "keycloak OpenId Connect" the user is successfully redirected to the keycloak server. After the user has authenticated, keycloak redirects back to my local humhub server.
There humhub complains:
"Unable to verify JWS: Unsecured connection" .
to validate the JWS, humhub uses yii2-authclient/src/OpenIdConnect.php which requires "spomky-labs/jose:~5.0.6" (which is abandoned, but yii2 does still use it).
in humhub/protected/vendor/yiisoft/yii2-authclient/src/OpenIdConnect.php setting
$validateJws = false
does nothing.
humhub/protected/config/common.php:
return [
'params' => [
'enablePjax' => false
],
'components' => [
'urlManager' => [
'showScriptName' => false,
'enablePrettyUrl' => false,
],
'authClientCollection' => [
'class' => 'yii\authclient\Collection',
'clients' => [
'keycloak' => [
'class' => 'yii\authclient\OpenIdConnect',
'issuerUrl' => 'https://xxxx/auth/realms/humhub',
'clientId' => 'humhub',
'clientSecret' => 'xxxxxxx',
'name' => 'keycloak',
'title' => 'Keycloak OpenID Connect',
'tokenUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/token',
'authUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/auth',
'validateAuthState' => 'false',
'validateJws' => 'false',
],
],
]
]
];
Can anyone help?
Further information required?
UPDATE
After updating "spomky-labs/jose" to "spomky-labs/jose:~6.1.0", the response from humhub changed to:
"Unable to verify JWS: The provided sector identifier URI is not valid: scheme must be one of the following: ["https"]."
UPDATE
I have enabled https also on my local apache2 server which runs humhub.
I also downgraded spomky-labs/jose back to version 5.0.6, because of compatibility problems with the current humhub version 1.3.14.
After that, the JWS error seems to be fixed but a new error accured:
Coult it be caused by the content type in the JWS which is not "application/json" but instead just "" (empty)?
if so, how can this be fixed?
Finaly i found the solution: It is not working well, because humhub does not hold the specifications in its OIDC adapter. After directing back from Keycloak, the following error accures:
The OpenId Connect 1.0 Specification describes, that an ID-Token has to be signed using a JWS (Json Web Signature). Keycloak does that, but does not set the "cty" field. As for https://www.rfc-editor.org/rfc/rfc7515#section-4.1.10 (RFC7515), this field is optional which means, that Humhub (v. 1.3.13) has a wrong implemented Open ID Connect 1.0 adapter because it sets this field to be mandatory.
I am doing project in Laravel. For storing images I am using aws-s3. My project working very well on godaddy server but not on digital ocean server. I am getting error as,
Aws\Sqs\Exception\SqsException: Error executing "ReceiveMessage" on "https://sqs.us-east-1.amazonaws.com/your-account-id/your-queue-name"; AWS HTTP error: Client error: `POST https://sqs.us-east-1.amazonaws.com/your-account-id/your-queue-name` resulted in a `403 Forbidden` response:
<?xml version="1.0"?><ErrorResponse xmlns="http://queue.amazonaws.com/doc/2012-11-05/"><Error><Type>Sender</Type><Code>I (truncated...)
InvalidClientTokenId (client): The security token included in the request is invalid. - <?xml version="1.0"?><Err......
Here Is a code that I used for s3 setup in my project,
filesystem.php
's3' => [
'driver' => 's3',
'key' => '************',
'secret' => '***********',
'region' => 'ap-south-1',
'bucket' => 'xyz',
'options' => [
'ServerSideEncryption' => 'AES256',
]
]
.env
QUEUE_DRIVER=redis
I am getting this error irrespective of hitting any api. I don't know where I am going wrong. Thanks in advance.
Issue is documented under aws blog,
https://aws.amazon.com/premiumsupport/knowledge-center/security-token-expired/
Please check your credentials and appropriate roles / Policies attaches to roles to access S3.