I have a laravel project that works very well on an X server and put that same project (same code) on another Y server, to my surprise the authenticated routes didn’t work, I always get the unauthenticated error, why does this happen?
{ "message":"Unauthenticated.", "success":false, "status_code":500 }
I used the commands: – php artisan passport: install – php artisan config: cache – php artisan cache: clear – php artisan key: generate
And yet I still get the unauthenticated error, the token is being passed correctly by the front end, it’s a bearer token, this token is generated when the user logs in using the createToken (‘myApi’) -> accessToken method
public function login(AuthLoginRequest $request) { $user = User::with('role')->where(['email' => $request->email])->get()->first(); if(!$user){ abort(404, 'userNotFound'); } if(!password_verify($request->password, $user->password)){ abort(401, 'invalidCredentials'); } $token = $user->createToken('MyApiToken')->accessToken; Access::customCreate($request->all(), $user); $response = [ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'profile_image' => $user->profile_image, 'token' => $token, 'old_password_changed' => $user->old_password_changed ]; return response()->json($response, 200); }
The login code works perfectly, it returns me the Bearer token, but after sending any request with this token I get the Unauthenticated error. Where am i going wrong? Since the same code works on another server.
Advertisement
Answer
I have a solution.
What was the problem?
For some reason, the Apache server has modules that ignore the Authorization header, say it’s for security (and I don’t doubt it).
How did I solve it?
I simply disabled the following modules in the Apache settings:
- mod_cgid
- mod_fcgid
- mod_proxy_scgi
And in the httpd.conf file I added the line (Linux/CentOS 7.6):
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1