I use Laravel with tymon/jwt-auth for JWT authentication, but when I authenticate I just get an access token, not a refresh token.
In package.json:
{
    ...
    "require": {
        "php": "^7.1.3",
        "barryvdh/laravel-cors": "^0.11.3",
        "fideloper/proxy": "^4.0",
        "laravel/framework": "5.8.*",
        "laravel/tinker": "^1.0",
        "tymon/jwt-auth": "dev-develop"
    }
    ...
}
I expect to get a refresh token to refresh the token after expiration. In config/jwt.php I can set the expiration time for both the access token and the refresh token, but I can't get it. How do I get the refresh token?
First, go to your project directory.
Open a terminal or CMD inside your project directory and execute the command below:
$ php artisan route:list
It will list all the routes in your project, including the auth routes. In that route list you can see a route like this:
POST | api/auth/refresh
You should send a POST request to the above route, providing the expired access token in the header or body as a Bearer token. It will return the new token as the response.
Note: if the previous access token is not expired after calling the refresh-token endpoint, the previous token will be automatically expired.
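To make the answer concrete, here is an added example (not code from the question, the answer, or the tymon/jwt-auth package) that models the behaviour described: there is no separate refresh token; the same JWT can be exchanged for a new one at the refresh endpoint for as long as the refresh window is open, even after its own exp has passed, and the old token is blacklisted by jti so it cannot be replayed. The ttl and refresh_ttl values mirror the package defaults as I know them, the anchoring of the refresh window to the original iat is my assumption about how the package behaves, and the secret, subject and timestamps are constructed for the demo. HS256 is done with the standard library only.

```python
"""Model of refreshing a single JWT inside a refresh window (constructed example)."""
import base64
import hashlib
import hmac
import json
import uuid
from typing import Optional

SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed; not a real key
TTL_MINUTES = 60             # like jwt.ttl: how long the token authenticates
REFRESH_TTL_MINUTES = 20160  # like jwt.refresh_ttl: how long it may still be refreshed


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(header_b64: str, payload_b64: str) -> str:
    mac = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256)
    return _b64url(mac.digest())


def issue_token(subject: str, now: int, iat: Optional[int] = None) -> str:
    """Mint a token. `iat` may be carried over from the token being refreshed."""
    iat = now if iat is None else iat
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {
        "sub": subject,
        "iat": iat,                     # original issue time anchors the refresh window
        "nbf": now,
        "exp": now + TTL_MINUTES * 60,  # fresh access lifetime
        "jti": uuid.uuid4().hex,        # unique id so the token can be blacklisted
    }
    header_b64 = _b64url(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{_sign(header_b64, payload_b64)}"


def decode_verified(token: str) -> dict:
    """Check the signature and return the claims. Expiry is deliberately NOT checked here."""
    header_b64, payload_b64, sig = token.split(".")
    if not hmac.compare_digest(_sign(header_b64, payload_b64), sig):
        raise ValueError("invalid signature")
    return json.loads(_b64url_decode(payload_b64))


def authenticate(token: str, blacklist: set, now: int) -> str:
    """What a protected route requires: valid signature, not blacklisted, not expired."""
    claims = decode_verified(token)
    if claims["jti"] in blacklist:
        raise PermissionError("token has been blacklisted")
    if now >= claims["exp"]:
        raise PermissionError("token has expired")
    return claims["sub"]


def refresh(token: str, blacklist: set, now: int) -> str:
    """What the refresh endpoint does: accept an expired token while refresh_ttl
    has not passed since the original iat, blacklist the old jti, mint a new token."""
    claims = decode_verified(token)
    if claims["jti"] in blacklist:
        raise PermissionError("token has already been refreshed or invalidated")
    if now >= claims["iat"] + REFRESH_TTL_MINUTES * 60:
        raise PermissionError("refresh window closed; the user must log in again")
    blacklist.add(claims["jti"])  # the old token must not remain usable
    return issue_token(claims["sub"], now, iat=claims["iat"])


if __name__ == "__main__":
    t0 = 1_600_000_000  # constructed login time
    seen = set()
    token = issue_token("user-42", t0)
    print("authenticated as", authenticate(token, seen, t0 + 30 * 60))
    new_token = refresh(token, seen, t0 + 2 * 3600)  # access expired, still refreshable
    print("refreshed; new exp =", decode_verified(new_token)["exp"])
```

The two checks worth noting for a defender are that the refresh path still verifies the signature before trusting any claim, and that the blacklist is what stops a refreshed (or stolen) token from being presented twice; without it, "the previous token will be automatically expired" would not hold.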
Related
I am using Laravel Sanctum's API Tokens to authenticate requests from a React application. I don't use SPA Authentication and cookies.
For now, the Laravel sessions are managed with files.
After you log in, you get a token, and with that token you can call APIs successfully. But if you refresh a page, even with the same token, API calls fail with a 401 status code and the following message:
{
    "message": "Given authorization token is not valid. Please try to login again."
}
It works fine on my localhost. It only happens on the live site, and only after you refresh a page.
The Laravel backend serves only APIs, so it defines routes in api.php only. All these routes use the auth:sanctum middleware (with the exception of the /login route, of course).
The following line is disabled in Kernel.php for the api middleware group:
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class
Any thoughts on how to fix this?
Even though the token has expired, Spartacus still uses "/users/current" instead of "/users/anonymous". Hence, we are getting HTTP 401 on the API calls.
We're using
"#spartacus/core": "^2.1.0",
"#spartacus/storefront": "^2.1.0",
I'm creating a SPA using NextJS and I have a Laravel backend for my API. To authenticate my SPA I'm using laravel sanctum.
My API is on api.domain.com and my app is on domain.com
I've set these environment variables which are relevant to this issue:
SESSION_DRIVER=cookie
SESSION_DOMAIN=.domain.com
SANCTUM_STATEFUL_DOMAINS="domain.com"
When I log in I make a request to /sanctum/csrf-cookie to get my CSRF cookie, and I can see that in my following requests I am sending the X-XSRF-TOKEN header with the value from the cookie.
I'm wondering if anyone else has had a similar issue with CSRF mismatches when using Sanctum on different subdomains?
OK, what ended up fixing my issue was changing the name of my session cookie to something without an underscore. Very weird!
When the user logs in on the page, then deletes the authentication cookie manually from the browser and finally tries to log out, the logout won't be possible because of a token mismatch. How to handle this?
I tried to handle the token mismatch using exception handling, but it doesn't work.
php artisan make:auth
To log out I have used a POST form and sent the CSRF token with it.
I've added the "laravel/passport": "^4.0" package to my fresh install of Laravel 5.5, and to consume my own API I've added the \App\Http\Middleware\CreateFreshApiToken::class middleware to Kernel.php.
Also, I've scaffolded the Auth login and registration using php artisan make:auth, but whenever I try to log in or log out it throws a TokenMismatchException and shows me the 419 response view.
I checked the CSRF token inside the auth forms and also the XSRF token inside the cookies set by the laravel/passport package, and I found that after changing from route to route the token changes, which is causing the token mismatch on logout or login.