使用通行证和axios访问受保护的控制器时出现401未经授权的错误

Question

我正在使用带有预设反应的laravel 5.8。 目前，我正在尝试进行身份验证，我决定在后端使用护照，在后端使用axios，但是在向受保护的控制器AdminController @ index发出axios请求时出现此错误

GET http://localhost:8000/api/admin/index 401 (Unauthorized)

我希望不会得到它，因为我认为我已验证用户身份

我遵循了laravel护照安装指南，现在我可以注册，登录用户并获取访问令牌，但是似乎用户注销了新的axios请求，因为我收到401错误。 这是一些背景

在中间件中，我添加了这一行

protected $middleware = [
        \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
]

//in AuthServiceProvider I added this and added Carbon because of error
Passport::routes(function ($router) {
            $router->forAccessTokens();
            $router->forPersonalAccessTokens();
            $router->forTransientTokens();
        });

        Passport::tokensExpireIn(Carbon::now()->addMinutes(10));

        Passport::refreshTokensExpireIn(Carbon::now()->addDays(10));

        Passport::cookie('user_data');

在用户模型中，我添加了

use Notifiable, HasApiTokens;
//and
protected $primaryKey = 'id';

将auth：api驱动程序更改为通行证

'api' => [
            'driver' => 'passport',
            'provider' => 'users',
            'hash' => false,
        ],

这是我的迁移表

Schema::create('users', function (Blueprint $table) {
            $table->bigIncrements('id');
            $table->string('name')->unique();
            $table->string('password');
            $table->rememberToken();
            $table->timestamps();
        });

这是我的登录并注册几乎相同的axios请求

        var bodyFormData = new FormData;
        bodyFormData.append('name', this.state.name);
        bodyFormData.append('password', this.state.password);
        axios({
            method: 'post',
            url: '/api/login',
            data: bodyFormData,
            config: { headers: {'Content-Type': 'multipart/form-data' }}
        })
            .then(function (response) {
                if(response.data.auth){
                    var cookies = new Cookies();
                    cookies.set('access_token', response.data.access_token, { path: '/' });
                }
            })
            .catch(function (response) {
            });

这是我的API路线：

//this one is to register using passport
Route::post('/register', 'AuthenticateController@register');

//this one is to login using passport
Route::post('/login', 'AuthenticateController@login');

//this one is to check if user is authenticated
Route::post('/check', 'AuthenticateController@test');

//this one has methods which I want to protect
Route::get('/admin/index', 'AdminController@index');

这是我的AuthenticationController，它为我提供了访问令牌，注册和登录信息，似乎可以正常工作

    public function register(Request $request){
        $validatedData = $request->validate([
            'name' => 'required|max:55|unique:users',
            'password' => 'required'
        ]);
        $validatedData['password'] = bcrypt($request->password);
        $user = User::create($validatedData);
        $accessToken = $user->createToken('authToken')->accessToken;

        return response()->json(["user" => $user, "token" => $accessToken]);

    }

    public function login(Request $request)
    {
        $loginData = $request->validate([
            'name' => 'required',
            'password' => 'required'
        ]);

        if(!auth()->attempt($loginData, true)) {
            return response(['auth' => 
    false]);
        }
        $accessToken = auth()->user()->createToken('authToken')->accessToken;
        return response(['user' => auth()->user(), 'access_token' => 
    $accessToken, 'auth' => true]);
    }

    public function check(){
        $check= auth()->check();
        return response(['user' => $check]);
    }

这是我的AdminController在执行索引方法时抛出401错误

//as I understood after login I can protect my api with middleware line for example 10 minutes, but unsuccessfully

 public function __construct()
    {
        $this->middleware('auth:api'); 

    }

    public function index(){
        return response(['foto' => 'testing protection']);
    }

这是我的反应组件axios请求，它引发了401错误

axios.get("/api/admin/index", {
        headers : {
            'Content-Type' : 'application/json',
            'Accept' : 'application/json',
            'Authorization' : 'Bearer' + cookie.get('access_token')
        }})
        .then(function (response) {
            alert(response.data.foto);
        })
        .catch(function (response) {
            alert("bad")
        })

//I tried 
// headers.append('Authorization', 'bearer ' + cookie.get('access_token'));
// headers.append('Authentication', 'bearer ' + cookie.get('access_token'));
// headers.append('Authorization', 'JWT ' + cookie.get('access_token'));
// headers.append('Authorization', cookie.get('access_token'));
// but error persists

我只想使用middleware(auth:api)保护我的api middleware(auth:api)

还auth->check()给我假，我觉得不好

Answer 1

所以我发现了我的错误，而不是使用

headers : {
            'Authorization' : 'Bearer' + cookie.get('access_token')
        }

我不得不用

//added space
headers : {
            'Authorization' : 'Bearer ' + cookie.get('access_token')
        }

但是我要做的一件奇怪的事是在内核中间件中添加以下行：

\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class

我只是尝试使用邮递员而不是axios，并收到错误消息会话存在问题，此后很容易找到所需的部分