I have installed Laravel Passport and configured it according to the documentation. When calling `axios.get` from my VueJS file, the first call works as expected. The laravel_session request cookie is injected into the request, and the authentication passes, returning the resource.

My problem arises when I try to call the axios.get method again. My use case here is a search function. I'm making a call to /api/banking/accounts/search/{search-term} whenever the user types into a text field, using the code below:

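```js
remoteMethod(query) {
    if (query !== '') {
        this.loading = true;

        // encodeURIComponent instead of the deprecated escape(), which leaves
        // characters such as "/" and "+" unencoded in the path segment.
        axios.get(
            `/api/banking/accounts/search/${encodeURIComponent(query)}`
        ).then(res => {
            this.destinationAccountDirectory = res.data;
        }).finally(() => {
            // Clear the loading state even when the request is rejected.
            this.loading = false;
        });
    } else {
        this.destinationAccountDirectory = [];
    }
},
```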

This code works fine without any auth:api middleware on the route, and for the first time with auth:api middleware. As can be seen from the screenshots below, the laravel_token value changes and is rejected on subsequent calls to the API.

[Screenshots: Responses]

**I've tried removing the `\Laravel\Passport\Http\Middleware\CreateFreshApiToken` that was added to the web middleware group during Passport installation, which seemed to have temporarily solved the issue, until I received a 419 on a request shortly after. What could be causing the new laravel_tokens to be rejected?**

Alex
  • What version of Laravel are you using? The web middleware should be set up correctly. – Odyssee May 17 '18 at 09:46
  • I'm using Laravel 5.6. – Alex May 17 '18 at 09:47
  • Have you added the `Laravel\Passport\HasApiTokens` trait to your `App\User` model? And have you changed API driver in `config\auth.php` to passport? – Odyssee May 17 '18 at 09:50
  • @IlyasDeckers I have, yes. My user model is `App\Models\Auth\User` though - could this be a problem? I've followed all of the steps in the documentation, and the first call to the API works, so it seems unlikely to me that configuration is the issue. I'm really trying to figure out the purpose of the `\Laravel\Passport\Http\Middleware\CreateFreshApiToken` middleware, as it seems to be the problem. – Alex May 17 '18 at 09:52
  • This should not give you any problems. Maybe try to reinstall passport. If you followed the documentation this should work out of the box. – Odyssee May 17 '18 at 09:58
  • I'll reinstall and keep you updated. – Alex May 17 '18 at 10:05
  • @IlyasDeckers I've run through the installation again and no change. The main question here now seems to be why the new laravel_token is being rejected. – Alex May 17 '18 at 10:28

1 Answer

I solved this by removing the web middleware from my API route. Why it was there in the first place, I have no idea.

I changed my api.php from

```php
Route::group([
    'middleware' => [
        'web',
        'auth:api',
    ],
], function () {
    Route::post('/banking/transactions', 'TransactionController@store');

    Route::get('/banking/accounts', 'BankAccountDirectoryController@index');
    Route::get('/accounts/{account}', 'BankAccountDirectoryController@show');
    Route::get('/banking/accounts/search/{term?}', 'BankAccountDirectoryController@search');
});
```

to

```php
Route::group([
    'middleware' => [
        'auth:api',
    ],
], function () {
    Route::post('/banking/transactions', 'TransactionController@store');

    Route::get('/banking/accounts', 'BankAccountDirectoryController@index');
    Route::get('/accounts/{account}', 'BankAccountDirectoryController@show');
    Route::get('/banking/accounts/search/{term?}', 'BankAccountDirectoryController@search');
});
```

Should the API routes be under the web group to benefit from the middleware, or is it purely for UI? Am I safe to do this?

Alex
  • You should place your API routes in `routes/api.php` and use the API middleware. More info -> https://stackoverflow.com/questions/39424675/api-or-web-laravel-5-3?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa – Odyssee May 22 '18 at 14:27
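
A regression check for the fix in the answer above, as an added example that is not part of the original posts: a Laravel feature test that fails if any route under the `api/` prefix still carries the `web` middleware group. It assumes the default `api` URI prefix for routes in `routes/api.php` and the stock `Tests\TestCase` base class; the class and method names are hypothetical.

```php
<?php

namespace Tests\Feature;

use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;
use Tests\TestCase;

// Added example (not from the original posts); class and method names are hypothetical.
class ApiRoutesMiddlewareTest extends TestCase
{
    public function testApiRoutesDoNotUseWebMiddleware()
    {
        $offenders = [];

        foreach (Route::getRoutes() as $route) {
            // Assumption: API routes live under the default "api/" prefix.
            if (! Str::startsWith($route->uri(), 'api/')) {
                continue;
            }

            // gatherMiddleware() returns the middleware names assigned through
            // route groups, the route itself and its controller,
            // e.g. ['api', 'web', 'auth:api'] for the "before" group above.
            if (in_array('web', $route->gatherMiddleware(), true)) {
                $offenders[] = implode('|', $route->methods()) . ' ' . $route->uri();
            }
        }

        $this->assertSame(
            [],
            $offenders,
            'API routes using the web middleware group: ' . implode(', ', $offenders)
        );
    }
}
```

Saved under `tests/Feature/`, it runs with the rest of the suite and lists every offending route in the failure message.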