I’m using sanctum for api, and all api run fine in localhost, but when run api in live server token doesn’t work, any route under “auth:sanctum” middleware redirect me to “Unauthenticated”, although i loged in, it loged in successfully and generate token, I passed “token” of the user in postman header, although it works fine in localhost, I tried alot of solutions but no way.
Users model:
class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable;
Kernel: Http/Kernel
protected $middlewareGroups = [ 'web' => [ AppHttpMiddlewareEncryptCookies::class, IlluminateCookieMiddlewareAddQueuedCookiesToResponse::class, IlluminateSessionMiddlewareStartSession::class, // IlluminateSessionMiddlewareAuthenticateSession::class, IlluminateViewMiddlewareShareErrorsFromSession::class, AppHttpMiddlewareVerifyCsrfToken::class, IlluminateRoutingMiddlewareSubstituteBindings::class, ], 'api' => [ LaravelSanctumHttpMiddlewareEnsureFrontendRequestsAreStateful::class, 'throttle:api', IlluminateRoutingMiddlewareSubstituteBindings::class, ], ];
sanctum: Config/sanctum:
<?php return [ /* |-------------------------------------------------------------------------- | Stateful Domains |-------------------------------------------------------------------------- | | Requests from the following domains / hosts will receive stateful API | authentication cookies. Typically, these should include your local | and production domains which access your API via a frontend SPA. | */ 'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf( '%s%s', 'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1', env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : '' ))), /* |-------------------------------------------------------------------------- | Sanctum Guards |-------------------------------------------------------------------------- | | This array contains the authentication guards that will be checked when | Sanctum is trying to authenticate a request. If none of these guards | are able to authenticate the request, Sanctum will use the bearer | token that's present on an incoming request for authentication. | */ 'guard' => ['web'], /* |-------------------------------------------------------------------------- | Expiration Minutes |-------------------------------------------------------------------------- | | This value controls the number of minutes until an issued token will be | considered expired. If this value is null, personal access tokens do | not expire. This won't tweak the lifetime of first-party sessions. | */ 'expiration' => null, /* |-------------------------------------------------------------------------- | Sanctum Middleware |-------------------------------------------------------------------------- | | When authenticating your first-party SPA with Sanctum you may need to | customize some of the middleware Sanctum uses while processing the | request. You may change the middleware listed below as required. | */ 'middleware' => [ 'verify_csrf_token' => AppHttpMiddlewareVerifyCsrfToken::class, 'encrypt_cookies' => AppHttpMiddlewareEncryptCookies::class, ], ];
api: routes:
Route::post('/register',[AuthController::class,'register']); Route::post('/login',[AuthController::class,'login']); Route::post('/social-login',[AuthController::class,'registerWithSocial']); Route::group(['middleware'=>'auth:sanctum'], function(){ Route::apiResource('contactinfo',ContactController::class); });
please any help?
Advertisement
Answer
The issue was in .haccess, I replaced it from:
<IfModule mod_rewrite.c> #Session timeout <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -d [OR] RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^ ^$1 [N] RewriteCond %{REQUEST_URI} (.w+$) [NC] RewriteRule ^(.*)$ public/$1 RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ server.php </IfModule> # php -- BEGIN cPanel-generated handler, do not edit # Set the “ea-php74” package as the default “PHP” programming language. <IfModule mime_module> AddHandler application/x-httpd-ea-php74 .php .php7 .phtml </IfModule> # php -- END cPanel-generated handler, do not edit
To:
<IfModule mod_rewrite.c> #Session timeout <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.+)$ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteCond %{REQUEST_FILENAME} -d [OR] RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^ ^$1 [N] RewriteCond %{REQUEST_URI} (.w+$) [NC] RewriteRule ^(.*)$ public/$1 RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ server.php </IfModule> # php -- BEGIN cPanel-generated handler, do not edit # Set the “ea-php74” package as the default “PHP” programming language. <IfModule mime_module> AddHandler application/x-httpd-ea-php74 .php .php7 .phtml </IfModule> # php -- END cPanel-generated handler, do not edit
Just added the following:
RewriteCond %{HTTP:Authorization} ^(.+)$ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
After:
RewriteEngine On