I have a laravel app where I have integrated Cartalyst Sentinel and Laravel Socialite. Before integrating Laravel Socialite, the authentication worked perfectly. After integrating Socialite, first I had an InvalidStateException error on AbstractProvider.php line 200 when I call Socialite::driver('facebook')->user();
The following block is activated
if ($this->hasInvalidState()) {
throw new InvalidStateException;
}
If I comment out the exception, I can login with facebook, however Sentinel does not recognized it as logged in. However when I check the users table on the database, the last_login timestamp is updated. Also when I try the normal authentication, a TokenMismatchException in VerifyCsrfToken.php line 67 appears. The {{csrf_field()}} is included inside the form, and when I remove the middleware from Kernel.php happens the same thing as with Laravel Socialite.
Important
The response is the correct eloquent user object, however when I do the check in the blade view, the check does not pass.
Any help is greatly appreciated
Related
I have tried so many options I could think of or find online, user details are still persisted even after successful deletion of all the tokens!
I am using Laravel sanctum with Vue. The logout function I created works as expected when I use postman to make the request, but this is not the case when I make the request via axios from the browser. The tokens gets deleted quite alright but I still can access protected routes.
I have also tried
Auth::logout()
I have continued to try this using sanctum and web as guard.
Any help will be appreciated.
I'm trying to implement a domain wide authentication (DWA) on top of the usual user authentication. The use case is prevent a work-in-progress site from leaking to google/public.
Created scaffolding code using php artisan make:auth
Log in via /login and is redirect to /home which shows the default You are logged in!
When I reload /home, I see that $this->session->id in SessionGuard.php has an ID value which I will refer to as A, the session also has 5 attributes.
Next, I insert the auth middleware into the route /product/{id} and load it
I see that $this->session->id in SessionGuard.php has a brand new ID with 0 attributes
This causes authenticate() in Authenticate.php middleware to throw an Unauthenticated exception and redirect me to /login
As the browser loads /login, $this->session->id in SessionGuard.php now shows the ID of A with the earlier 5 attributes
/login results in RedirectIfAuthenticated.php middleware running and redirecting to /home
As a result of the DWA, I'm unable to load /product/{id}, it just keeps redirecting me to /home
My question is, why does #5 show a new session ID instead of A?
Where and how is this ID derived in the first place?
Thanks!
I found the solution Problems of routes in own package- Laravel 5.6
It was due to my controller having only the auth but lacking the web middleware. Hope it helps someone.
I am developing a card for Laravel nova.
As part of this, I want an API route that can be posted, but I don't want to have to authenticate against it.
I have registered my route in the card's api.php
Route::post('/endpoint/{id}', function (Request $request, $id) {)
This works if I call it with an already authenticated session.
But if I try to call it from postman I get
HTTP 419 Sorry, your session has expired. Please refresh and try again.
I can see that the card service provider is registering the route as so
Route::middleware(['nova'])
->prefix('nova-vendor/NovaPusherCard')
->group(__DIR__.'/../routes/api.php');
So I guess that Nova is putting some authenticated in front of the route.
Is there a way I can register the route without adding authentication?
ok so I worked it out.
I just needed to update the middleware to api instead of nova.
Suddenly my application stopped working when trying to access endpoints protected by auth:api middleware in the Laravel 5.6.35 back-end using Passport 7.0.1.
The issue is that it is generating when I register and log-in.
return Response::json([
'token' => $user->createToken('foobar')->accessToken,
'user' => $user
], HTTPResponse::$HTTP_OK);
Insomnia rest will then show the following when accessing the routes belonging to the auth:api middleware.
"message": "Unauthenticated."
It was working until an hour ago, and it stopped after I refreshed the database. I dropped and created a new one, registered a test user and attempted to access and endpoint passing the token as Bearer token and Accept header to application/json. I've done it like this many times, always running php artisan passport:install --force after each refresh.
I don't know how to solve it. I saw where it was failing in TokenGuard.php file, but what to do? Why has it suddenly stopped?
The reason of the issue was because I was setting another field as the primary key of users table, and it was causing an error in the Passport's auto-generated tables.
you must reinstall the passport after refreshed the database.Then only Token will generate
php artisan passport:install
In case you are using Apache Server, Add this line to your httpd.conf file.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
I've added "laravel/passport": "^4.0" package to my fresh install of laravel 5.5 and to consume my own API, i've added \App\Http\Middleware\CreateFreshApiToken::class middleware to the kernal.php.
Also, I've scaffolded the Auth login and registration using php artisan make:auth as well but whenever I try to login or logout it throws a TokenMismatchException and shows me 419 response view.
I checked the csrf token inside the auth forms and also xsrf token inside cookies which is set by laravel/passport package and I found that after changing route to route the token changes which is causing token miss match while logout or login.