4

I am trying to implement passport in my application to authenticate the api calls. I have done the configuration as mentioned in the official documentation. I have this in my auth guard:

'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],

And, this in my AuthServiceProvider's boot() method:

Passport::routes();

And this is the route I am trying to access:

    Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Route::group(['namespace' => 'Api', 'middleware' => 'auth:api'], function () {
    // Login Controller
   Route::get('/getclc', 'PreController@getClc');
});

I am sending the header in the request like this:

Authorization:Bearer $accessToken

My question is: 1. When a protected route is requested, it sends me to login page, but I want it to return the 401. How can I do that?

My laravel version is 5.4.33.

Improve this question
5
  • Could you show us all the routes? Commented Aug 24, 2017 at 7:13
  • @AntonisTsimourtos I have updated my question with all the routes. Please have a look. Commented Aug 24, 2017 at 7:15
  • Well the error clearly means that "login" route is not defined. You could try running php artisan make:auth to scaffold the authentication pages needed. Then you could try using php artisan clear:cache Commented Aug 24, 2017 at 7:25
  • I did what you said, and now it sends it to login page instead of returning the error. Commented Aug 24, 2017 at 7:37
  • So "the problem is solved". Now probably you will have to think what you want to do? Do you want to return a 401 if user is not authenticated or redirect him to login page? You could update your question too. Commented Aug 24, 2017 at 7:39

2 Answers 2

Reset to default
6

When authentication fails, Laravel throws an AuthenticationException exception. This exception is handled by your Laravel exception handler, and eventually calls the unauthenticated() method in your app/Exceptions/Handler.php file.

You can see from that method that if your request expects a json response, you'll get a 401 Unauthenticated response. However, if you're not expecting a json response, it just redirects to the route named "login". This will obviously fail if you don't have a route named "login".

Your request "expectsJson" when you send either the "X-Requested-With: XMLHttpRequest" header, or the "Accept: application/json" header. Otherwise, it is considered a normal web request.

If you'd like to change how your application handles unauthenticated users, the unauthenticated() method is the one to change.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Add this code on Headers on postman.

key           Value
Accept        application/json

Thanks

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.