4

I followed the official Laravel documentation step by step.

When I send a request to {{host}}/api/login, I can receive the response that includes the token. Everything is correct.

But when I try to send a request to {{host}}/api/user, it is always unauthenticated.

I checked my code several times, but I cannot fix it.

In my .env file I set the following; my backend host is http://laravel_8_api.test

SESSION_DOMAIN=.laravel_8_api.test
SANCTUM_STATEFUL_DOMAINS=.laravel_8_api.test

How can I make it work? Please help me.

[Postman request screenshot]

The code is at this link: https://github.com/ramseyjiang/laravel_8_api

Novocaine
Ramsey Jiang
  • Did you use the token as a bearer token when making a call to /api/user? Your auth guard should be auth:sanctum in api.php. You are currently not using sanctum for authentication. – NICO May 03 '21 at 06:38
  • In the routes > `api.php` file you are using `auth:api` as middleware, but it looks like you are using sanctum to maintain tokens. So use the `auth:sanctum` middleware. – Vishnu May 03 '21 at 07:34
  • @NICO Please check the code on GitHub. I did what you said before, but it still has the same issue. – Ramsey Jiang May 03 '21 at 07:58
  • @Vishnu If I do that, it shows the issue at "https://stackoverflow.com/questions/61141197/laravel-sanctum-column-not-found-1054-unknown-column-api-token-in-where-cl", but it does not fix it. If you have time, can you please download the code and help me? – Ramsey Jiang May 03 '21 at 08:00

4 Answers

8

Try this if you haven't

The reason this isn't working is that Sanctum is denying the authenticated request based on the referrer.

Add Referer to the request header in Postman.


Joseph Ajibodu
1

Try this solution, it may help you (it helped me). First, check whether the bearer token you are sending in the header is really reaching your app server. Let's check it: put this code in your route/api.php file

print_r($_REQUEST);
print_r($_SERVER);
exit;

Now let's send the Postman request. In the response you will get a line like this: "[REDIRECT_HTTP_AUTHORIZATION] => Bearer 6|4rxthBID7kiSleFglD30aphZu3poiDYJjWMJgZZc". If this line is missing, it means your .htaccess file is not allowing the token to pass to the server. The solution is very easy: just add these lines to your .htaccess file

#Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Ashish Rawat
0

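// api.php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Protect the route with the Sanctum guard
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

The middleware should be auth:sanctum instead of auth:api.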

Majharul Nayem
  • Thank you. I did it, and after that it shows "message": "SQLSTATE[42S22]: Column not found: 1054 Unknown column 'api_token' in 'where clause' (SQL: select * from `users` where `api_token` = 1|gtvc1tOUbGyfvWaiYPm8b9BzHGtzwTZUjaVL5VSQ limit 1)", but I am not using api_token and I also don't know why it shows this issue. Do you know why it shows this issue? – Ramsey Jiang May 03 '21 at 07:43
  • Yes, you are using a plain text token. You are not using the session-based default login method. https://github.com/ramseyjiang/laravel_8_api/blob/main/app/Http/Controllers/Api/AuthController.php – Majharul Nayem May 03 '21 at 08:10
  • It is not that issue. I changed config/auth.php, and that fixed the issue. That change was forgotten in the official documentation. – Ramsey Jiang May 03 '21 at 08:27
0

The official documentation forgets the change to config/auth.php:

// config/auth.php, the 'api' entry inside the 'guards' array
'api' => [
    'driver' => 'sanctum',
    'provider' => 'users',
    'hash' => false,
],

After that, the issue is fixed.

There is no need to modify the code in api.php; I mean, it doesn't need to change auth:sanctum to auth:api. If you change it, it causes another issue, as in the link "Laravel Sanctum : column not found: 1054 Unknown column 'api_token' in 'where clause'".

Ramsey Jiang
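
Added example (not part of any answer above, and not Laravel or Sanctum source code): a simplified PHP model of why the `driver` of the `api` guard decides whether a bearer token such as `1|gtvc…` is looked up in `users.api_token` or verified against its stored SHA-256 hash. The in-memory SQLite tables (this needs the pdo_sqlite extension), the sample user and the helper names `issueToken`, `tokenDriver` and `sanctumDriver` are assumptions made for illustration.

```php
<?php
// Simplified model of the two guard drivers; not Laravel or Sanctum source code.
// The tables, the user row and the issued token are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec('CREATE TABLE personal_access_tokens
    (id INTEGER PRIMARY KEY, tokenable_id INTEGER, token TEXT)');
$db->exec("INSERT INTO users (id, email) VALUES (1, 'user@example.test')");

// Token issuance: only the SHA-256 hash is stored; the client gets "<row id>|<plaintext>".
function issueToken(PDO $db, int $userId): string {
    $plain = bin2hex(random_bytes(20));
    $db->prepare('INSERT INTO personal_access_tokens (tokenable_id, token) VALUES (?, ?)')
       ->execute([$userId, hash('sha256', $plain)]);
    return $db->lastInsertId() . '|' . $plain;
}

// 'driver' => 'token': looks the raw bearer string up in users.api_token.
function tokenDriver(PDO $db, string $bearer): ?array {
    $stmt = $db->prepare('SELECT * FROM users WHERE api_token = ? LIMIT 1');
    $stmt->execute([$bearer]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// 'driver' => 'sanctum': split off the row id, then compare hashes in constant time.
function sanctumDriver(PDO $db, string $bearer): ?array {
    $parts = explode('|', $bearer, 2);
    if (count($parts) !== 2) {
        return null; // simplification: tokens without an id prefix are rejected here
    }
    $stmt = $db->prepare('SELECT * FROM personal_access_tokens WHERE id = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !hash_equals($row['token'], hash('sha256', $parts[1]))) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$row['tokenable_id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

$bearer = issueToken($db, 1);
try {
    tokenDriver($db, $bearer);
} catch (PDOException $e) {
    echo 'token driver failed: ', $e->getMessage(), PHP_EOL; // users has no api_token column
}
var_dump(sanctumDriver($db, $bearer));        // valid token
var_dump(sanctumDriver($db, $bearer . 'x'));  // tampered token
```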