I'm driving crazy! I've been searching around the web on thousands of StackOverFlow questions and haven't solved my issue.
I'm developing an API REST with Laravel Framework 5.7 and Passport 7.0. I've setup every file following the documentation and I'm able to get a token with grant_type=password
(without authentication flow), but when I try to access to a route protected by the auth:api
middleware, I always get a 401 response.
This is my HTTP request:
GET /api/usuario/1/grupos HTTP/1.1
Host: localhost:8000
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI...
Here's my auth.php guard config:
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
This is the mapApiRoutes()
in my RouteServiceProvider.php:
protected function mapApiRoutes()
{
Route::prefix('api')
->middleware('auth:api')
->namespace($this->namespace)
->group(base_path('routes/api.php'));
}
Thanks.
This is my login request using Postman
This is the 401 when I try to use the token in an api route
EDIT:
If I disable 'auth:api' middleware, I can actually get the Bearer token using $request->bearerToken()
, so the problem is not now with the CSRF token, because I can receive the request.