Can't get api.auth middleware to work on jwt auth

[rawaludin]

I was following this tutorial https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

So, I could get the token using this method:

<?php
....
class AuthenticateController extends Controller
{
   ...
    public function authenticate(Request $request)
    {
        $credentials = $request->only('email', 'password');

        try {
            // verify the credentials and create a token for the user
            if (! $token = JWTAuth::attempt($credentials)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }
        } catch (JWTException $e) {
            // something went wrong
            return response()->json(['error' => 'could_not_create_token'], 500);
        }

        // if no errors are encountered we can return a JWT
        return response()->json(compact('token'));
    }
}

(I don't know whats the best way to authenticate and get the token in Dingo/Api).

To protect the other method, I use this:

<?php
....

class AuthenticateController extends Controller
{
    public function __construct()
    {
       $this->middleware('api.auth', ['except' => ['authenticate']]);
    }

    public function index()
    {
        // Retrieve all the users in the database and return them
        $users = \App\User::all();
        return $users;
    }
   ....
}

Here is the route I use:

Route::group(['prefix' => 'api'], function()
{
    Route::resource('authenticate', 'AuthenticateController', ['only' => ['index']]);
    Route::post('authenticate', 'AuthenticateController@authenticate');
});

And some of my configuration:

'auth' => [
        'basic' => function ($app) {
            return new Dingo\Api\Auth\Provider\Basic($app['auth']);
        },
        'basic' => function ($app) {
            return new Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
        }
    ],

So, I expect after logged in, I could access the index method. It works when I followed the tutorial. But, it always yield error when I used above configuration:

FatalErrorException in Auth.php line 50:
Call to a member function getAuthProviders() on null

Of course, I have sent the token:

How to fix this? Is there something I done wrong?
As more info, I'm using:

$ php -v
PHP 5.6.2 (cli) (built: Oct 28 2014 00:01:08)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies

When developing, I use php artisan serve and access the web from localhost:8000. Thanks.. :)

[jasonlewis]

All of this should come under Dingo, even the authentication. In saying that you should avoid returning JSON responses like you are currently. Throw HttpExceptions and/or return responses from the response builder.

The error looks like it's related to the above problem. The api.auth middleware can only be used on API routes, that means you need to use the API router.

$api = app('api.router');

$api->version('v1', function ($api) {
    // route definitions here
});

[rawaludin]

I've changed the route to this:

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api) {
    $api->resource('authenticate', 'App\Http\Controllers\AuthenticateController', ['only' => ['index']]);
});

Route::group(['prefix' => 'api'], function()
{
    Route::post('authenticate', 'AuthenticateController@authenticate');
});

In the routing I got this:

$ php artisan api:routes
+--------------------+-----------------------+--------------------+---------+-----------+------------+----------+
| Host               | URI                   | Name               | Action  | Protected | Version(s) | Scope(s) |
+--------------------+-----------------------+--------------------+---------+-----------+------------+----------+
| localhost:8000/api | GET|HEAD authenticate | authenticate.index | Closure | No        | v1         |          |
+--------------------+-----------------------+--------------------+---------+-----------+------------+----------+

But, when I try to GET to /api/authenticate, I got

MethodNotAllowedHttpException in RouteCollection.php line 201:

[rawaludin]

I found that, when I attach the middleware to controller, it won't showed as protected in api:routes. But, when I move the filter to route:

$api->version('v1', ['middleware'=>'api.auth'], function ($api) {

I got:

$ php artisan api:routes
+--------------------+-----------------------+--------------------+---------+-----------+------------+----------+
| Host               | URI                   | Name               | Action  | Protected | Version(s) | Scope(s) |
+--------------------+-----------------------+--------------------+---------+-----------+------------+----------+
| localhost:8000/api | GET|HEAD authenticate | authenticate.index | Closure | Yes       | v1         |          |
+--------------------+-----------------------+--------------------+---------+-----------+------------+----------+

But, I still got the above error (MethodNotAllowedHttpException).

[jasonlewis]

Can you post more of the stack trace as that's more valuable in terms of debugging.

Have you configured everything? API_PREFIX has been set to api? It kind of looks like you're using API_DOMAIN with a value of localhost:8000/api. You should be using a prefix, the generated routes would look like this then:

$ php artisan api:routes
+------+----------------------------+------------------------+---------+-----------+------------+----------+
| Host | URI                        | Name                   | Action  | Protected | Version(s) | Scope(s) |
+------+----------------------------+------------------------+---------+-----------+------------+----------+
|      | GET|HEAD /api/authenticate | api.authenticate.index | Closure | No        | v1         |          |
+------+----------------------------+------------------------+---------+-----------+------------+----------+

[rawaludin]

Ok, I've changed it to use API_PREFIX. Here is my current route:

+----------------+----------------------------+------------------------+---------+-----------+------------+----------+
| Host           | URI                        | Name                   | Action  | Protected | Version(s) | Scope(s) |
+----------------+----------------------------+------------------------+---------+-----------+------------+----------+
| localhost:8000 | GET|HEAD /api/authenticate | api.authenticate.index | Closure | Yes       | v1         |          |
+----------------+----------------------------+------------------------+---------+-----------+------------+----------+

I'm still get the same error. Here is a full stack trace:

debug: {line: 201,…}
class: "Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException"
file: "/Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php"
line: 201
trace: [,…]
0: "#0 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php(188): Illuminate\Routing\RouteCollection->methodNotAllowed(Array)"
1: "#1 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php(140): Illuminate\Routing\RouteCollection->getRouteForMethods(Object(Dingo\Api\Http\Request), Array)"
2: "#2 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Routing/Router.php(746): Illuminate\Routing\RouteCollection->match(Object(Dingo\Api\Http\Request))"
3: "#3 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Routing/Router.php(655): Illuminate\Routing\Router->findRoute(Object(Dingo\Api\Http\Request))"
4: "#4 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Routing/Router.php(631): Illuminate\Routing\Router->dispatchToRoute(Object(Dingo\Api\Http\Request))"
5: "#5 /Users/rahmatawaludin/Code/dingo/vendor/dingo/api/src/Routing/Adapter/Laravel.php(65): Illuminate\Routing\Router->dispatch(Object(Dingo\Api\Http\Request))"
6: "#6 /Users/rahmatawaludin/Code/dingo/vendor/dingo/api/src/Routing/Router.php(526): Dingo\Api\Routing\Adapter\Laravel->dispatch(Object(Dingo\Api\Http\Request), 'v1')"
7: "#7 /Users/rahmatawaludin/Code/dingo/vendor/dingo/api/src/Http/Middleware/Request.php(110): Dingo\Api\Routing\Router->dispatch(Object(Dingo\Api\Http\Request))"
8: "#8 [internal function]: Dingo\Api\Http\Middleware\Request->Dingo\Api\Http\Middleware\{closure}(Object(Dingo\Api\Http\Request))"
9: "#9 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(139): call_user_func(Object(Closure), Object(Dingo\Api\Http\Request))"
10: "#10 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(54): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))"
11: "#11 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Dingo\Api\Http\Request), Object(Closure))"
12: "#12 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)"
13: "#13 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))"
14: "#14 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Dingo\Api\Http\Request), Object(Closure))"
15: "#15 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)"
16: "#16 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))"
17: "#17 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Dingo\Api\Http\Request), Object(Closure))"
18: "#18 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)"
19: "#19 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))"
20: "#20 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Dingo\Api\Http\Request), Object(Closure))"
21: "#21 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)"
22: "#22 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(42): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))"
23: "#23 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Dingo\Api\Http\Request), Object(Closure))"
24: "#24 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)"
25: "#25 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Dingo\Api\Http\Request))"
26: "#26 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Dingo\Api\Http\Request))"
27: "#27 /Users/rahmatawaludin/Code/dingo/vendor/dingo/api/src/Http/Middleware/Request.php(111): Illuminate\Pipeline\Pipeline->then(Object(Closure))"
28: "#28 /Users/rahmatawaludin/Code/dingo/vendor/dingo/api/src/Http/Middleware/Request.php(89): Dingo\Api\Http\Middleware\Request->sendRequestThroughRouter(Object(Dingo\Api\Http\Request))"
29: "#29 [internal function]: Dingo\Api\Http\Middleware\Request->handle(Object(Illuminate\Http\Request), Object(Closure))"
30: "#30 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)"
31: "#31 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
32: "#32 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
33: "#33 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(122): Illuminate\Pipeline\Pipeline->then(Object(Closure))"
34: "#34 /Users/rahmatawaludin/Code/dingo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(87): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))"
35: "#35 /Users/rahmatawaludin/Code/dingo/public/index.php(54): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))"
36: "#36 /Users/rahmatawaludin/Code/dingo/server.php(21): require_once('/Users/rahmataw...')"
37: "#37 {main}"
message: "405 Method Not Allowed"
status_code: 405

Here is the call:

Here is my current configuration:

<?php

return [
    'vendor' => env('API_VENDOR', ''),
    'version' => env('API_VERSION', 'v1'),
    'prefix' => env('API_PREFIX', null),
    'domain' => env('API_DOMAIN', null),
    'name' => env('API_NAME', null),
    'conditionalRequest' => env('API_CONDITIONAL_REQUEST', true),
    'strict' => env('API_STRICT', false),
    'debug' => env('API_DEBUG', false),
    'errorFormat' => [
        'message' => ':message',
        'errors' => ':errors',
        'code' => ':code',
        'status_code' => ':status_code',
        'debug' => ':debug',
    ],
    'auth' => [
        'basic' => function ($app) {
            return new Dingo\Api\Auth\Provider\Basic($app['auth']);
        },
        'jwt' => function ($app) {
            return new Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
        }
    ],
    'throttling' => [],
    'transformer' => env('API_TRANSFORMER', 'Dingo\Api\Transformer\Adapter\Fractal'),
    'defaultFormat' => env('API_DEFAULT_FORMAT', 'json'),
    'formats' => [
        'json' => 'Dingo\Api\Http\Response\Format\Json',
    ],

];

And my .env file:

APP_ENV=local
APP_DEBUG=true
APP_KEY=YGlcVxEa8i5KJLlbyvBQzU03kpDAZlOc

DB_HOST=localhost
DB_DATABASE=jotbot
DB_USERNAME=homestead
DB_PASSWORD=secret

CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null

API_VENDOR=local
API_NAME=FundPlaces Referral API
API_DEBUG=true
API_DOMAIN=localhost:8000
API_PREFIX=api

I also post my code to github at https://github.com/rahmatawaludin/dingo-jwt-sample

I hope that help. Thanks.. :)

[jasonlewis]

You don't need API_DOMAIN if you're using API_PREFIX. It's either one or the other.

[rawaludin]

Thanks, removing API_DOMAIN fix it.. :)