I'm trying to set up my private channel broadcast via Pusher. I've done all that the Laravel broadcasting documentation says. When Pusher is trying to authorize the user, the authorization page returns a 403 error with HttpException:
I was searching a lot and found one solution, to change the BroadcastServiceProvider this way:
Broadcast::routes(['middleware' => ['auth:api']]);
And now I get a 302 redirect to the login page and then to the main page. Pusher error log now:
JSON returned from webapp was invalid, yet status code was 200. [my main page html here, no json at all]
Configuration files are all set, including Echo
Broadcast service providers are uncommented in config/app.php
I can't find the solution for these problems in similar StackOverflow questions.

Change the BROADCAST_DRIVER=log


SPA Authentication Issues with Sanctum and Postman

I'm currently trying to test an SPA using Laravel 8.19.0 and Postman 7.36.1 but I keep getting an "Unauthenticated" response from a route that's guarded by "auth:sanctum", even though I have logged in correctly.
As far as I can understand, I've followed the documentation fully at
in order to set Sanctum up to be used for SPA so I've done the following:
Installed Sanctum.
Published the Sanctum config.
Performed a migration.
Included the EnsureFrontendRequestsAreStateful middleware and 'EnsureFrontendRequestsAreStateful::class' to the Http Kernel.
Added my local domains (same top-level domain but 1 with the "test" sub domain and another with "api") to the "stateful domains" option in the Sanctum config file.
Set the "supports_credentials" option in the cors config to "true".
Set my top level domain, prefixed with a "." for the "domain" option in the session config.
Then, I've set Postman up using the guide at
so I've written a script to get the CSRF token from "/sanctum/csrf-cookie" then used said token as the value for the "X-XSRF-TOKEN" in the request header and I can successfully log in. However, when I try to access a route afterwards that's guarded by the "auth:sanctum" guard, even with the referrer and 'X-XSRF-TOKEN' being set up in the request header, I cannot access the route.
After debugging, I can see that $this->auth->guard($guard)->check() is returning false in the authenticate($request, array $guards) method where $guard = "sanctum" in \vendor\laravel\framework\src\Illuminate\Auth\Middleware\Authenticate.php on line 63 because $this->user() is null for the Illuminate\Auth\RequestGuard instance.
Any help or even ideas on things to check would be greatly appreciated as I'm unsure on what to do from here, short of spending a day digging deeper into the request guard object and its instantiation!
The issue a lot of folk are seeing when using Postman with Sanctum SPA authentication is that you simply need to add an additional header to your requests. This can be "Referrer" or "Origin" and the value must match the domains set in the sanctum.php config file, e.g. localhost or mysite.test etc.
vendor/laravel/sanctum/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php in the fromFrontEnd() method is where you can see this requirement. Laravel V8.x and I believe also in Laravel V7.x
Issue has since been resolved and was caused by Postman only saving the "XSRF-TOKEN" and "laravel_session" cookies to the "test" subdomain after logging in (the login URL used this sub domain) and thus not passing them to the "api" subdomain when trying to access the route which was protected by "auth:sanctum". By adding the same cookies to the "api" subdomain via the "Manage Cookies" menu in Postman, the route can now be accessed as intended.
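The two conditions the answers above describe, as an added example that is not part of the original posts: the Referer/Origin value must match a configured stateful domain, and the session cookies must be in scope for the host being called. It is plain PHP written for illustration, not Sanctum's own code; the function names and the example.test hosts are assumptions.

```php
<?php
// Added illustration in plain PHP (no Laravel needed); all hosts are constructed.

// Simplified form of the stateful-domain check: strip the scheme from the
// Referer/Origin value and match it against the configured domains.
function fromStatefulDomain(?string $refererOrOrigin, array $stateful): bool
{
    if ($refererOrOrigin === null || $refererOrOrigin === '') {
        return false; // no header: the request is not treated as a first-party SPA call
    }
    $domain = preg_replace('#^https?://#', '', $refererOrOrigin);
    $domain = rtrim($domain, '/') . '/';
    foreach ($stateful as $allowed) {
        // "host" is matched as "host/*", with * acting as a wildcard
        $quoted  = preg_quote(trim($allowed) . '/*', '#');
        $pattern = '#^' . str_replace('\*', '.*', $quoted) . '$#';
        if (preg_match($pattern, $domain) === 1) {
            return true;
        }
    }
    return false;
}

// Cookie scoping (RFC 6265 domain matching): a cookie stored without a Domain
// attribute is host-only; with a Domain attribute it also reaches subdomains.
function cookieSentTo(string $requestHost, string $setByHost, ?string $domainAttr): bool
{
    if ($domainAttr === null) {
        return strtolower($requestHost) === strtolower($setByHost);
    }
    $d = ltrim(strtolower($domainAttr), '.');
    $h = strtolower($requestHost);
    return $h === $d || substr($h, -strlen('.' . $d)) === '.' . $d;
}

$stateful = ['test.example.test', 'api.example.test'];

// Request with no Referer/Origin, then one sent from the SPA host.
var_dump(fromStatefulDomain(null, $stateful));
var_dump(fromStatefulDomain('http://test.example.test', $stateful));

// Session cookie stored host-only for the login host, then with a shared parent domain.
var_dump(cookieSentTo('api.example.test', 'test.example.test', null));
var_dump(cookieSentTo('api.example.test', 'test.example.test', '.example.test'));
```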

Laravel Socialite Twitter Provider - Could not authenticate

I'm using Laravel Socialite in a project and added the Twitter Provider in order to be able to allow my users to integrate with their Twitter account. I followed the steps here and I'm getting the following error:
Received HTTP status code [401] with message "{"errors":[{"code":32,"message":"Could not authenticate you."}]}" when getting temporary credentials.
If I leave the TWITTER_REDIRECT_URI in my env file blank, the error goes away and the OAuth flow works exactly as it's supposed to. Is anyone else having this issue? If the TWITTER_REDIRECT_URI isn't needed why have it in the docs?

gocardless webhook 419 Authentication Timeout error

I'm trying to integrate a gocardless webhook in my website. I'm developing my site in Laravel 5.5. Right now I'm following their instructions. But I'm getting an error 419 Authentication Timeout. I did exactly as their documentation says.
I created a POST route in my web.php file
Route::post('/test', 'GocardlessWebhookController@remote');
Then I put my secret token in my env file. In the controller I copy-pasted the same code from that site. Then I triggered the webhook from the sandbox test environment.
Can anyone help me out?

Laravel Passport is failing to validate my newly generated token

Suddenly my application stopped working when trying to access endpoints protected by auth:api middleware in the Laravel 5.6.35 back-end using Passport 7.0.1.
The issue is that it is generating when I register and log-in.
return Response::json([
'token' => $user->createToken('foobar')->accessToken,
'user' => $user
], HTTPResponse::$HTTP_OK);
Insomnia rest will then show the following when accessing the routes belonging to the auth:api middleware.
"message": "Unauthenticated."
It was working until an hour ago, and it stopped after I refreshed the database. I dropped and created a new one, registered a test user and attempted to access an endpoint passing the token as Bearer token and Accept header to application/json. I've done it like this many times, always running php artisan passport:install --force after each refresh.
I don't know how to solve it. I saw where it was failing in TokenGuard.php file, but what to do? Why has it suddenly stopped?
The reason for the issue was that I was setting another field as the primary key of the users table, and it was causing an error in Passport's auto-generated tables.
You must reinstall Passport after refreshing the database. Only then will the token generate.
php artisan passport:install
In case you are using Apache Server, add this line to your httpd.conf file.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Debugging/Testing stripe webhook calls to Laravel Spark

I am currently testing Stripe webhooks using the latest Laravel Spark. I've got a Stripe account working, meaning that I can add (fake) credit cards and charge subscriptions/single payments. Next, I am using a fake hook endpoint ( to retrieve webhook requests from Stripe.
My vanilla route file is from the Spark installation:
$router->post('/webhook/stripe', 'Settings\Billing\StripeWebhookController@handleWebhook');
And should handle all the webhooks fine. To test the webhooks, I checked the StripeWebhookController object and changed a method to log some info:
protected function handleInvoicePaymentSucceeded(array $payload)
{
    // Temporary log line to confirm that the handler is reached
    Log::info('This is some useful handleInvoicePaymentSucceeded.');
}
However, nothing gets logged when I run a Stripe test webhook of type: invoice.payment_succeeded.
I do see the request coming into the ultrahook console and it gets returned a 200. I can also copy the JSON Stripe test webhook and paste it into Postman, after which it gets sent to http://localhost:80/webhook/stripe ... again a 200 response but nothing logged.
Any advice?
Laravel Cashier instructs you to exclude the webhook routes from VerifyCsrfToken middleware as stated here:
Spark uses Cashier, I'd imagine you need to do the same then.
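Once a webhook route is excluded from VerifyCsrfToken (through that middleware's `$except` list), the request's signature is what still ties it to the sender. The following is an added example, not code from the posts above or from Cashier: a plain-PHP check of Stripe's `Stripe-Signature` header (`t=<timestamp>,v1=<HMAC-SHA256 of "timestamp.body">`), with hypothetical function names and a constructed secret and payload.

```php
<?php
// Added example in plain PHP (no Laravel needed).
// The secret, payload and timestamps below are constructed for illustration.

// Parse "t=<unix time>,v1=<hex hmac>[,v1=...]" from the signature header.
function parseSignatureHeader(string $header): array
{
    $timestamp = null;
    $signatures = [];
    foreach (explode(',', $header) as $part) {
        $kv = explode('=', trim($part), 2);
        if (count($kv) === 2 && $kv[0] === 't' && ctype_digit($kv[1])) {
            $timestamp = (int) $kv[1];
        } elseif (count($kv) === 2 && $kv[0] === 'v1') {
            $signatures[] = $kv[1];
        }
    }
    return [$timestamp, $signatures];
}

// Verify the raw request body against the header, rejecting stale timestamps.
function verifyWebhook(string $rawBody, string $header, string $secret, int $now, int $tolerance = 300): bool
{
    [$timestamp, $signatures] = parseSignatureHeader($header);
    if ($timestamp === null || abs($now - $timestamp) > $tolerance) {
        return false; // missing or old timestamp: treat as a replay
    }
    $expected = hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
    foreach ($signatures as $candidate) {
        if (hash_equals($expected, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample delivery.
$secret = 'whsec_constructed_example';
$body   = '{"type":"invoice.payment_succeeded"}';
$now    = 1700000000;
$header = 't=' . $now . ',v1=' . hash_hmac('sha256', $now . '.' . $body, $secret);

var_dump(verifyWebhook($body, $header, $secret, $now));        // delivery as signed
var_dump(verifyWebhook($body . ' ', $header, $secret, $now));  // body altered after signing
var_dump(verifyWebhook($body, $header, $secret, $now + 3600)); // same delivery replayed an hour later
```

The check must run on the raw request body, before any JSON decoding or re-encoding, because the HMAC covers the exact bytes that were sent.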
Well, it appears that I needed to add
in the env file. Nice to see that in the documentation Laravel... not
Stripe webhooks don't call localhost; it should have a domain name to call.
You may use the ultrahook gem for that.
It will create a temporary binding URL which you can provide in the Stripe dashboard as the callback URL,
like this:
ultrahook stripe 80
which would give you a URL that you map in the Stripe dashboard -> http://localhost:80
NOTE: You can access this URL in a browser; it is just a virtual binding
