Comments (8)
@shah-newaz I'm not sure if this is related to your issue, but I had a problem with the fact that Laravel encrypts cookies. I have made a middleware that checks the token, and this middleware is (apparently) called before the EncryptCookies middleware has a chance to be called. Therefore instead of something like:
JWTAuth::setToken($request->cookie('token'));
It was necessary instead to write:
JWTAuth::setToken(Crypt::decrypt($request->cookie('token')));
Again, this might not be 100% relevant for your issue, but perhaps someone else experienced the same as me :)
from jwt-auth.
Hi @k4kuz0 !
Was exactly my issue :) I found it out thankfully and solved by adding the token to the $except array of Laravel's EncryptCookies middleware (App\Http\Middleware\EncryptCookies.php)
namespace App\Http\Middleware;

use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;

class EncryptCookies extends BaseEncrypter
{
    /**
     * The names of the cookies that should not be encrypted.
     *
     * @var array
     */
    protected $except = [
        'token'
    ];
}
Like so.
Cheers!
from jwt-auth.
Hi drawmyattention,
Looks like it's caused by JWTAuth returning false when it's unable to parseToken().
You could check for token parsing success before fetching the user, i.e.:
// parseToken() returns false when no token can be extracted from the request
if (! $auth = JWTAuth::parseToken()) {
    throw new Exception('JWTAuth unable to parse token from request');
}
$user = $auth->toUser();
from jwt-auth.
You were right, it wasn't able to parse the token from a POST parameter. I had to set the token in a header (my mistake).
However, now when I send a request with an Authorisation bearer {token} header, the parseToken() method no longer kicks out an error, but the toUser() method results in
'Wrong number of segments'
I'm generating the token using:
$user = User::find(1);
$token = JWTAuth::fromUser($user);
dd($token);
Then copying the token generated:
eyJhbGXXXXXXXXXXIkpXUyJ9.eyJzdWIiOjEsImlzcyI6Imh0dHA6XC9cL2w1LmFwcFwvaG9tZSIsImlhdCI6IjE0MjM0NzMyNzciLCJleHAiOiIxNDIzNXXXXXXXXX3MjI2YWFjY2RmIn0.NTI3ZWUyMzUzMWUzMzY2ZTViNDk3ZjBjNTEyYjVjZmI3MXXXXXXXXXXXOWNjNzg0Mw
to use in the auth header.
I've added a bit of debugging to my code to try to quickly see what's going on, and it looks like the validateStructure() method is called twice. The first time, a token is present but the second time an empty token is being passed, which is causing the Exception to be thrown.
from jwt-auth.
Thanks, I will have a look into this.
Note: I think I will change it so that parse token will throw an exception instead of returning false if the token cannot be extracted from the request.
from jwt-auth.
Hi! Any news on this?
When I'm doing an authentication and sending token as response to JS app, it works fine.
The JS app sets the cookie and sends it with header.
However, when I set it from Laravel using Laravel cookie helper, it gives me 'Wrong number of segments'
This is what fails currently
$token = JWTAuth::fromUser($user);
$expire = 60 * 60 * 24 * 90;
$cookieJar->queue(cookie('token', $token, $expire, null, null, null, false));
return redirect('app');
I can verify the token is being generated correctly and the JS app is returning the cookie generated by laravel.
As you can see, I set the http only flag as false too. Tried without that as well.
Any ideas?
Thank you so much for the excellent library
@tymondesigns
from jwt-auth.
@shah-newaz Glad you found a solution! However note that if you use the solution I mentioned, you can keep the token encrypted, perhaps unnecessary, but extra security is always nice!
from jwt-auth.
@k4kuz0 Hmm, I think you're decrypting the token by Crypt::decrypt($request->cookie('token')).
The token is already encrypted. Laravel was double encrypting it. Which was the issue. I can be wrong.
Thanks again!
from jwt-auth.
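The failure discussed in this thread, as an added example that is not part of the original comments or of jwt-auth: a Laravel-encrypted cookie value is base64 of a JSON envelope and contains no dots, so a parser expecting three JWT segments rejects it. The helper names `classifyTokenValue()` and `b64urlDecode()` and all sample values are assumptions constructed for illustration; the input is assumed to be the already URL-decoded cookie value.

```php
<?php
// Added example: classify a raw cookie value before it reaches the JWT parser.
// classifyTokenValue() and b64urlDecode() are hypothetical helper names.

function b64urlDecode(string $s)
{
    // JWT segments use URL-safe base64 without padding.
    $s = strtr($s, '-_', '+/');
    return base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}

function classifyTokenValue(?string $raw): string
{
    if ($raw === null || $raw === '') {
        return 'empty'; // an empty token also fails the structure check
    }
    $segments = explode('.', $raw);
    if (count($segments) === 3) {
        // A JWT header is a JSON object that names the signing algorithm.
        $header = json_decode((string) b64urlDecode($segments[0]), true);
        return (is_array($header) && isset($header['alg'])) ? 'jwt' : 'unknown';
    }
    // Laravel's encrypter emits base64(JSON) carrying iv, value and mac keys.
    $payload = json_decode((string) base64_decode($raw, true), true);
    if (is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac'])) {
        return 'laravel-encrypted'; // one segment, hence "Wrong number of segments"
    }
    return 'unknown';
}

// Constructed sample values (not taken from the thread).
$enc = function (string $json): string {
    return rtrim(strtr(base64_encode($json), '+/', '-_'), '=');
};
$jwt = $enc('{"typ":"JWT","alg":"HS256"}') . '.' . $enc('{"sub":1}') . '.c2lnbmF0dXJl';
$encrypted = base64_encode(json_encode([
    'iv'    => base64_encode(str_repeat('i', 16)),
    'value' => base64_encode('ciphertext-placeholder'),
    'mac'   => str_repeat('0', 64),
]));

$samples = ['jwt' => $jwt, 'encrypted cookie' => $encrypted, 'missing' => null];
foreach ($samples as $label => $value) {
    printf("%-17s => %s\n", $label, classifyTokenValue($value));
}
```

A `laravel-encrypted` result means the value still has to pass through EncryptCookies or `Crypt::decrypt()` before the JWT library sees it. Listing the cookie in `$except` instead leaves the signed JWT in the cookie with its claims readable.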