Authentication works fine using <code>'middleware' => 'auth:api'</code> on regular endpoints where the client sends the <code>Authorization=Bearer <access_token></code>. But now I'd like to handle plain image download requests, without Authorization header, having the access token in the query string like this: <code>GET /picture/my_picture.png?access_token=1234</code>. I tried something like this in my middleware, but I can't seem to add headers to the Request: <pre class="prettyprint"><code>if ($request->has('access_token')) { // something like $request->header->set('Authorization', 'Bearer ' . $request->get('access_token')); } if ($this->auth->guard($guard)->guest()) { // throw exception } </code></pre> Can this be done? Maybe intercept or override something/somewhere else?

I had similar issue In your App\Http\Kernal.php register your middleware in $middleware and $routeMiddleware <pre class="prettyprint"><code><?php namespace App\Http; use Illuminate\Foundation\Http\Kernel as HttpKernel; class Kernel extends HttpKernel { /** * The application's global HTTP middleware stack. * * These middleware are run during every request to your application. * * @var array */ protected $middleware = [ \App\Http\Middleware\AddHeaderAccessToken::class, \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, ]; /** * The application's route middleware groups. * * @var array */ protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\AuthenticateSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, // \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'api' => [ 'throttle:60,1', 'bindings', ], ]; /** * The application's route middleware. * * These middleware may be assigned to groups or used individually. * * @var array */ protected $routeMiddleware = [ 'addAccessToken' => \App\Http\Middleware\AddHeaderAccessToken::class, 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class, 'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class ]; } </code></pre> Middleware <pre class="prettyprint"><code><?php namespace App\Http\Middleware; use Closure; class AddHeaderAccessToken { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { if ($request->has('access_token')) { $request->headers->set('Authorization', 'Bearer ' . $request->get('access_token')); } return $next($request); } } </code></pre>

How can I authenticate a request using Laravel Passport having the access token in query string instead of in header?

Authentication works fine using 'middleware' => 'auth:api' on regular endpoints where the client sends the Authorization=Bearer <access_token>.

But now I'd like to handle plain image download requests, without Authorization header, having the access token in the query string like this: GET /picture/my_picture.png?access_token=1234.

I tried something like this in my middleware, but I can't seem to add headers to the Request:

if ($request->has('access_token')) {
    // something like $request->header->set('Authorization', 'Bearer ' . $request->get('access_token'));
}

if ($this->auth->guard($guard)->guest()) {
    // throw exception
}

Can this be done? Maybe intercept or override something/somewhere else?

How can check access token is valid or not in Laravel?

If you don't want to use the Passport middleware in the project where you want to validate the tokens, you would have to create an endpoint in the Laravel Passport server that can accept the token, perform the usual Passport validation and return a response to your service.

How does Laravel Passport authentication work?

Laravel Passport is an easy way to set up an authentication system for your API. As a Laravel package, it uses an OAuth2 server to perform authentication, creating tokens for user applications that request to interface with the API it protects, and only granting them access if their tokens are validated.

How can I get token in Laravel Passport?

Requesting Tokens Once you have created a password grant client, you may request an access token by issuing a POST request to the /oauth/token route with the user's email address and password. Remember, this route is already registered by the Passport::routes method so there is no need to define it manually.

How do I authenticate API key in Laravel?

By default, Laravel ships with a simple solution to API authentication via a random token assigned to each user of your application. In your config/auth. php configuration file, an api guard is already defined and utilizes a token driver.

I had similar issue In your App\Http\Kernal.php

register your middleware in $middleware and $routeMiddleware

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \App\Http\Middleware\AddHeaderAccessToken::class,

        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
//            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'addAccessToken' => \App\Http\Middleware\AddHeaderAccessToken::class,
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,

        'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
        'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class
    ];
}

Middleware

<?php

namespace App\Http\Middleware;

use Closure;

class AddHeaderAccessToken
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
      if ($request->has('access_token')) {
         $request->headers->set('Authorization', 'Bearer ' . $request->get('access_token'));
        }
        return $next($request);
    }
}

How can I authenticate a request using Laravel Passport having the access token in query string instead of in header?

Tags:

php

laravel

laravel-5.3

laravel-passport

John

People also ask

1 Answers

user3209130

Recent Activity

Donate For Us

How can I authenticate a request using Laravel Passport having the access token in query string instead of in header?

Tags:

php

laravel

laravel-5.3

laravel-passport

John

People also ask

1 Answers

user3209130

Related questions

Recent Activity

Donate For Us