Laravel 8 with external UserProvider and JWT: Unauthenticated

  api, jwt, laravel, php

I am trying to combine JWT with a custom UserProvider. Users are stored in an external DB, accessed through an API.

config/auth.php

    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'jwt',
            'provider' => 'shopAPI',
        ],
        'api' => [
            'driver' => 'jwt',
            'provider' => 'shopAPI',
        ],
    ],
    'providers' => [
        'shopAPI' => [
            'driver' => 'shopAPI',
        ],
    ],

routes/api.php

Route::group([
    'middleware' => 'api',
], function ($router) {
    Route::post('login', [AuthController::class, 'login']);
    Route::post('me', [AuthController::class, 'me']);
});

app/Http/Controllers/AuthController.php


<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AuthController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth:api', ['except' => 'login']);
    }

    /**
     * Get the guard to be used during authentication.
     *
     * @return \Illuminate\Contracts\Auth\Guard
     */
    public function guard()
    {
        return Auth::guard();
    }

    /**
     * @param  Request  $request
     *
     * @return \Illuminate\Http\JsonResponse
     * @throws \Illuminate\Validation\ValidationException
     */
    public function login(Request $request) {
        $credentials = $request->only('login', 'password');

        if ($token = $this->guard()->attempt($credentials)) {
            return $this->respondWithToken($token);
        }

        return response()->json(['error' => 'Unauthorized'], 401);
    }


    /**
     * Get the token array structure.
     *
     * @param  string $token
     *
     * @return \Illuminate\Http\JsonResponse
     */
    protected function respondWithToken($token){
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => $this->guard()->factory()->getTTL() * 60,
            'user' => $this->guard()->user()
        ]);
    }

    public function me()
    {
        return response()->json($this->guard()->user());
    }

}

Getting the user from the API is OK, because I always get success on authorization and $this->guard()->user() inside respondWithToken() returns correct data. I use Postman to test it, and when I post the access_token in the me request I get Unauthenticated.

Content-Type: application/json
X-Requested-With: XMLHttpRequest
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvc2hvcC5sb2NhbFwvYXBpXC9sb2dpbiIsImlhdCI6MTYzNDIxODU1MywiZXhwIjoxNjM0MjIyMTUzLCJuYmYiOjE2MzQyMTg1NTMsImp0aSI6IkFIbHU0SHkxcHI3UGNKakQiLCJzdWIiOm51bGwsInBydiI6IjZiMjQ5ZWRhMDQ1YmUwMmJhNWRkMDU1Nzc1NTM0Y2QyYzMxOTE4MzIifQ.pZVfvIddxIpcjlmkk-xYrLPWdt_zON0eTN_oiZHWeK0
User-Agent: PostmanRuntime/7.28.4

Did I miss something?

Source: Laravel
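An added diagnostic example, not part of the original question: decoding the bearer token from the request above shows which claims the guard receives, and for this token the payload decodes with `"sub": null`. The helper names `jwt_segment` and `inspect_bearer` are hypothetical, and the clock value passed in is constructed from the token's own `iat`.

```php
<?php
// Added example: decodes a JWT WITHOUT verifying its signature, for claim inspection only.

/** Decode one base64url-encoded JWT segment into an associative array. */
function jwt_segment(string $segment): array
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    $data = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('segment is not a JSON object');
    }
    return $data;
}

/** Return the decoded claims plus a list of problems a guard could trip over. */
function inspect_bearer(string $authorization, int $now): array
{
    $token = preg_replace('/^Bearer\s+/i', '', trim($authorization));
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    $claims = jwt_segment($parts[1]);
    $findings = [];
    foreach (['iss', 'iat', 'exp', 'nbf', 'jti', 'sub'] as $name) {
        if (!array_key_exists($name, $claims)) {
            $findings[] = "$name: missing";
        } elseif ($claims[$name] === null || $claims[$name] === '') {
            $findings[] = "$name: present but empty";
        }
    }
    if (isset($claims['exp']) && $claims['exp'] <= $now) {
        $findings[] = 'exp: token has expired';
    }
    if (isset($claims['nbf']) && $claims['nbf'] > $now) {
        $findings[] = 'nbf: token is not valid yet';
    }
    return ['alg' => jwt_segment($parts[0])['alg'] ?? null, 'claims' => $claims, 'findings' => $findings];
}

// Authorization header value copied from the request in the question.
$header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvc2hvcC5sb2NhbFwvYXBpXC9sb2dpbiIsImlhdCI6MTYzNDIxODU1MywiZXhwIjoxNjM0MjIyMTUzLCJuYmYiOjE2MzQyMTg1NTMsImp0aSI6IkFIbHU0SHkxcHI3UGNKakQiLCJzdWIiOm51bGwsInBydiI6IjZiMjQ5ZWRhMDQ1YmUwMmJhNWRkMDU1Nzc1NTM0Y2QyYzMxOTE4MzIifQ.pZVfvIddxIpcjlmkk-xYrLPWdt_zON0eTN_oiZHWeK0';
// Constructed clock: one minute after the token's iat, so expiry does not mask other findings.
print_r(inspect_bearer($header, 1634218553 + 60)['findings']);
```

If the `jwt` driver is tymon/jwt-auth (an assumption; the question does not name the package), `sub` is filled from the user object's `getJWTIdentifier()` and later passed to the provider's `retrieveById()`, so an empty `sub` leaves the guard with no user to load.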
