Can't get Basic Auth to work

[ortix]

I'm having some troubles with the authentication layer. No matter what I try, I can not use the laravel 4.2 basic auth functionality.

I protected my route in the constructor and this is the response after making a post request with postman:

{"message":"Invalid authentication credentials.","status_code":401}

I'm using 0.8.2

[jasonlewis]

Can you login using the same credentials with a simple Auth::attempt somewhere to make sure that you can successfully authenticate.

[ortix]

I can successfully authenticate using Auth::attempt().
If I try to access a protected route and if I try to access the corresponding URI from the browser it won't even try to authenticate, it will just fail whereas laravel's filter does ask for a password

[stelgenhof]

Hi @Ortix92,

I experienced the same thing. How does your webserver configuration look like? It might be that the authorization headers are not sent. I'm using Apache and had to add the following for this to work

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

[ortix]

I'm using nginx and php-fpm. The auth headers are sent when using the regular laravel basic auth. But as soon as dingo comes into play it breaks down. Weird..

[stelgenhof]

How do your routes look like?

[ruanyl]

Hi, I have the same problem, i am using dingo with jwt-auth. Always got:

{"message":"Failed to authenticate because of bad credentials or an invalid authorization header.","status_code":401}

Route:

Route::api(['version' => 'v1', 'after'=>'cors'], function() {
  Route::group(['prefix' => 'account', 'protected' => true, 'providers' =>'jwt'], function() {
    Route::post('/login', ['protected' => false, 'uses' => 'UserController@login']);
    Route::get('/test_credentials', 'UserController@test_credentials');
  });
});

And i added: Authorization: Bearer {token} in http header.

what i am doing here is

1. login and get the token
2. use the token to access a protected route.
   it fails :(

[tymondesigns]

@ruanyl This might be the same issue as yours tymondesigns/jwt-auth#16

[ruanyl]

@tymondesigns Yeah! I got it solved 😄 Thank you for the information!

[stelgenhof]

Hi @Ortix92,

You might want to add the following to your .htaccess file:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

As mentioned also by everybody here, the http headers are not set and the above will correct that.

Sacha

[jasonlewis]

Sounds like this is resolved? I shall close it then. Cheers to all who helped.

[ortix]

It turned out to be this line in the config:

    'auth' => [
        'basic' => function ($app) {
            return new Dingo\Api\Auth\BasicProvider($app['auth'], 'username'); // second parameter defaults to email.. i did not know that
        },
    ],

I had no idea it was defaulting on email.. In the documentation it's inferred that the default value can be changed to, for example, email.

[stelgenhof]

Good to hear @Ortix92! I remember now I also changed that setting :)

[NguyenTheSon]

'auth' => [
'jwt' => 'Dingo\Api\Auth\Provider\JWT'
],
result

[feefk]

It should add below to ***.conf

<VirtualHost *:80>
   ...
   ...
    # Fix authentication headers
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

    ...
</VirtualHost>

But add this to .htaccess don't work

[ahmadbadpey]

I did all ways that described but none of them does not work and when sent requests to protected endpoint 404 Not Found error occures

[cpmichael]

add this to your config/api.php

'auth' => [
        'jwt' => 'Dingo\Api\Auth\Provider\JWT'
    ],