php – Laravel – JWT Auth The token could not be parsed from the request-ThrowExceptions

Exception or error:

I have added following code in my middleware for user authentication with JWT Auth, which works fine for all the routes handled by the middleware.

public function handle($request, Closure $next)
{
    if ($request->has('token')) {
        try {
            $this->auth = JWTAuth::parseToken()->authenticate();
            return $next($request);
        } catch (JWTException $e) {
            return redirect()->guest('user/login');
        }
    }
}

But for one route with Post Method where the token is getting passed properly but still I am getting JWTException – The token could not be parsed from the request, on the same route when I tried

public function handle($request, Closure $next)
{
    if ($request->has('token')) {
        try {
            dd($request->input('token'));
            $this->auth = JWTAuth::parseToken()->authenticate();
            return $next($request);
        } catch (JWTException $e) {
            return redirect()->guest('user/login');
        }
    }
}

output:

"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9iaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwMDFcL2F1dGhcL2xvZ2luIiwiaWF0IjoxNDcyNTI4NDU0LCJleHAiOjE0NzI1MzIwNTQsIm5iZiI6MTQ3MjUyODQ1NCwianRpIjoiM2E0M2ExYTZlNmM5NjUxZDgxYjZhNDcxMzkxODJlYjAifQ.CH8ES2ADTCrVWeIO8uU31bGDnH7h-ZVTWxrdXraLw8s"

I am able to see the Valid Token which I am using to access another routes and which is working flawlessly for all other routes.

Thanks in advance!!!

How to solve:

From your description, i checked source file of JWT Auth.

in class Tymon\JWTAuth\JWTAuth line 191 – 219 , there have two functions:

/**
 * Parse the token from the request.
 *
 * @param string $query
 *
 * @return JWTAuth
 */
public function parseToken($method = 'bearer', $header = 'authorization', $query = 'token')
{
    if (! $token = $this->parseAuthHeader($header, $method)) {
        if (! $token = $this->request->query($query, false)) {
            throw new JWTException('The token could not be parsed from the request', 400);
        }
    }

    return $this->setToken($token);
}

/**
 * Parse token from the authorization header.
 *
 * @param string $header
 * @param string $method
 *
 * @return false|string
 */
protected function parseAuthHeader($header = 'authorization', $method = 'bearer')
{
    $header = $this->request->headers->get($header);

    if (! starts_with(strtolower($header), $method)) {
        return false;
    }

    return trim(str_ireplace($method, '', $header));
}

check the logic of them, i believe your request header is not properly provided.

if (! $token = $this->parseAuthHeader($header, $method)) { // all your get method not passed this step
   if (! $token = $this->request->query($query, false)) { // all your post method stucked here 
       throw new JWTException('The token could not be parsed from the request', 400);
   }
}

proprly header is like this :

http POST http://${host}/api/v1/product/favorite/111 "Authorization: Bearer ${token}".

above is what i can offers for you, hope it will help you through your thoughts. If it won’t you still can debug from those two functions.

Answer:

I had the same issue on ec2 amazon AMI Linux php7.2 apache2.4 but token get generated in apache request headers but was not visible in Laravel request header
so add this code in middleware this will work only on your server but may not work on localhost.

 $headers = apache_request_headers();
 $request->headers->set('Authorization', $headers['authorization']);

JWT middleware

    try {
            $headers = apache_request_headers(); //get header
            $request->headers->set('Authorization', $headers['authorization']);// set header in request

            $user = JWTAuth::parseToken()->authenticate();
        } catch (Exception $e) {
            if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenInvalidException){
                return response()->json(['status' => 'Token is Invalid']);
            }else if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenExpiredException){
                return response()->json(['status' => 'Token is Expired']);
            }else{
                return response()->json(['status' => 'Authorization Token not found']);
            }
        }

Answer:

I add this in /etc/apache2/apache2.conf.

<Directory /var/www/html>
        AllowOverride all
</Directory>

(remember to restart your apache)

Removing index.php from my url, resolve this problem.

/public/index.php/api/user/login -> /public/api/user/login

Answer:

Fixed it by adding RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] to the .htaccess, so the authorization header does not get discarded by Laravel. Might be useful to add this to the docs.

Leave a Reply

Your email address will not be published. Required fields are marked *