Laravel 5.3 API

Question

When user enter username and password on the the browser and successfully logged in.

I like to make some API requests after user have logged in.

Laravel 5.3 provide api.php in routes folder.

in api.php I have included:

Route::group(['middleware' => ['auth']], function () {
    Route::get('/test', function (Request $request) {
         return response()->json(['name' => 'test']);
    });
});

When requesting domain.com/api/test on the browser, for some reason it is redirecting to /home ?

API token is not needed.

Answer 1

If you are specifying routes in api.php, you will need to use the auth:api middleware. So using your example it would be:

Route::group(['middleware' => ['auth:api']], function () {
    Route::get('/test', function (Request $request) {
         return response()->json(['name' => 'test']);
    });
});

Notes about Token auth and Laravel 5.3:

• If you've setup laravel's default auth system, you will also need to add a column for api_token to the user table. If you are using DB seeders, you might want to add something like: $table->char('api_token', 60)->nullable(); to your users table seeder. Alternatively just add the column manually and fill that column with a random 60-char key.
• When making the request, you can add the api_token as a URL/Querystring parameter like so: domain.com/api/test?api_token=[your 60 char key] . You can also send the key as a header (if using Postman or similar), ie: Header: Authorization , Value: Bearer [your 60 char key] .
• I order to get a useful error if the token is incorrect, and not just be redirected to login, also send the following header with all requests: Header: Accept , Value: application/json . This allows the expectsJson() check in the unauthenticated() function inside App/Exceptions/Handler.php to work correctly.

I found it hard to find clear docs from Laravel about using token auth with 5.3, I think it's because there's a drive to make use of Passport , and it supports tokens in a different way. Here's the article that probably helped most getting it working: https://gistlog.co/JacobBennett/090369fbab0b31130b51

Answer 2

first install the passport as stated here laravel passport installation

while consuming your own api add below line in your config/app.php in middleware section

'web' => [
// Other middleware...
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],

now change your route to

Route::group(['middleware' => ['auth:api']], function () {
Route::get('/test', function (Request $request) {
     return response()->json(['name' => 'test']);
});
});

now in your config/auth.php change these lines

 'api' => [
    'driver' => 'passport',
    'provider' => 'users',
],

Answer 3

The reason you are being redirected back to home is because the auth middleware checks if a user session is stored in your browser, but since api middleware does not make use of sessions ( see app\\http\\kernel.php ), your request is considered unauthenticated

If you would like to perform simple APIs that utilize sessions, feel free to add them in your web routes, and make sure to secure them by grouping them inside an auth middleware.

Answer 4

The standard behaviour in Laravel 5.5 is to delegate handling of authentication exceptions to app/Handler::unauthenticated(), in your project's application code. You'll find the code in there that redirects to the login page, and you can override it or perform further tests and contextualization in there. In previous versions of Laravel, 5.3 among them I believe, this exception handling was executed way down within the Laravel library within the vendor folder.