Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
After I press login, browser prompts me with basic authentication alert #340
I'm using laravel passport to setup authentication from front end project to an api. It used to work without any problems, but from time to time the api prompted me a basic authentication alert instead of the laravel login page.
Now since a few days, it sometimes shows me the laravel login page, but after I submit (login) it stays on the same page and shows me a basic authentication alert.
when it does work, it always keeps asking me to autorize the client, also when i've done this previously...
Anyone know what might cause this and how to fix it?
(putting in the same correct credentials in the prompt also fails...)
Hi, @jorenvh1. I also have this problem (Use implicit flow to authorize api requests). After few hours of research I found the problem (it's ridiculous and should be documentated or updated to be more clear for users).
And after that, in Passport exceptions handler:
That response add http-auth headers which cause problem.
So, You cant authorize with this basic auth, coz it's kind of response to Exception thrown during authorization. Cucumbersome stuff.
Hope it wil be helpfull for You. gl lf ))
Ok. Few additional hours and I found solution. But I'm not sure this is completely valid.
Just add this middleware class to Your
Just hit the same issue on a new Laravel install.
Editing the the
I still expect Passport to behave differently. Shouldn't this return a 400 error saying the url we provided is invalid ?
EDIT: From the comments I thought the file at fault was in Passport, but it's actually a League file https://github.com/thephpleague/oauth2-server/blob/master/src/Exception/OAuthServerException.php @
Looks like it was decided to return these headers for every