I have added following code in my middleware for user authentication with JWT Auth, which works fine for all the routes handled by the middleware.
public function handle($request, Closure $next)
{
if ($request->has('token')) {
try {
$this->auth = JWTAuth::parseToken()->authenticate();
return $next($request);
} catch (JWTException $e) {
return redirect()->guest('user/login');
}
}
}
But for one route with Post Method where the token is getting passed properly but still I am getting JWTException - The token could not be parsed from the request, on the same route when I tried
public function handle($request, Closure $next)
{
if ($request->has('token')) {
try {
dd($request->input('token'));
$this->auth = JWTAuth::parseToken()->authenticate();
return $next($request);
} catch (JWTException $e) {
return redirect()->guest('user/login');
}
}
}
output:
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9iaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwMDFcL2F1dGhcL2xvZ2luIiwiaWF0IjoxNDcyNTI4NDU0LCJleHAiOjE0NzI1MzIwNTQsIm5iZiI6MTQ3MjUyODQ1NCwianRpIjoiM2E0M2ExYTZlNmM5NjUxZDgxYjZhNDcxMzkxODJlYjAifQ.CH8ES2ADTCrVWeIO8uU31bGDnH7h-ZVTWxrdXraLw8s"
I am able to see the Valid Token which I am using to access another routes and which is working flawlessly for all other routes.
Thanks in advance!!!
答案 0 :(得分:5)
根据您的描述,我检查了JWT Auth的源文件。
在Tymon \ JWTAuth \ JWTAuth第191-219行中,有两个功能:
/**
* Parse the token from the request.
*
* @param string $query
*
* @return JWTAuth
*/
public function parseToken($method = 'bearer', $header = 'authorization', $query = 'token')
{
if (! $token = $this->parseAuthHeader($header, $method)) {
if (! $token = $this->request->query($query, false)) {
throw new JWTException('The token could not be parsed from the request', 400);
}
}
return $this->setToken($token);
}
/**
* Parse token from the authorization header.
*
* @param string $header
* @param string $method
*
* @return false|string
*/
protected function parseAuthHeader($header = 'authorization', $method = 'bearer')
{
$header = $this->request->headers->get($header);
if (! starts_with(strtolower($header), $method)) {
return false;
}
return trim(str_ireplace($method, '', $header));
}
检查它们的逻辑,我相信你的请求标题没有正确提供。
if (! $token = $this->parseAuthHeader($header, $method)) { // all your get method not passed this step
if (! $token = $this->request->query($query, false)) { // all your post method stucked here
throw new JWTException('The token could not be parsed from the request', 400);
}
}
proprly标题是这样的:
http POST http://${host}/api/v1/product/favorite/111 "Authorization: Bearer ${token}"。
以上是我可以为您提供的,希望它能帮助您完成您的想法。如果没有,你仍然可以从这两个函数进行调试。
答案 1 :(得分:1)
我在ec2亚马逊AMI Linux php7.2 apache2.4上遇到了相同的问题,但是令牌在apache请求标头中生成,但在Laravel请求标头中不可见 因此,请将此代码添加到中间件中,这将仅在您的服务器上有效,而在本地主机上则无效。
$headers = apache_request_headers();
$request->headers->set('Authorization', $headers['authorization']);
JWT中间件
try {
$headers = apache_request_headers(); //get header
$request->headers->set('Authorization', $headers['authorization']);// set header in request
$user = JWTAuth::parseToken()->authenticate();
} catch (Exception $e) {
if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenInvalidException){
return response()->json(['status' => 'Token is Invalid']);
}else if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenExpiredException){
return response()->json(['status' => 'Token is Expired']);
}else{
return response()->json(['status' => 'Authorization Token not found']);
}
}
答案 2 :(得分:1)
通过在RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]上添加.htaccess进行了修复,因此Laravel不会丢弃授权标头。将其添加到文档中可能会很有用。
答案 3 :(得分:0)
我将此添加到/etc/apache2/apache2.conf中。
<Directory /var/www/html>
AllowOverride all
</Directory>
(请记住重新启动apache)
从我的网址中删除index.php,解决此问题。
/public/index.php/api/user/login-> /public/api/user/login
答案 4 :(得分:0)
我遇到了一个问题,并通过在 .htaccess
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]