Laravel Passport API Status Code:403 Forbidden
I am developing an Ionic Mobile App that connects to the server in Laravel via REST API. I used the Laravel passport package and configured some stuffs on how authorization tokens will work on the API. So I write some code on providers for the Ionic app and I have this login function for the user in the mobile to logged in via API from the server but it keeps telling me this error:
Status Code:403 Forbidden
This seems to be a server side error that I don't have the permission to access this resources. Right?
So the server understood the request coming from the Ionic side but refuses it or forbidden by the server.
I used the CORS Allow-Control-Origin to connect Ionic apps to Laravel.
However when I tried to do a POST request using POSTMAN with all the grant types and client secret provided by the Laravel passport package it is successful that it give me the token type bearer, access token and the refresh token by the oauth.
Here is the code in my Middleware Cors
<?php
namespace AppHttpMiddleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
and here is the code in my api routes:
<?php
use IlluminateHttpRequest;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::middleware('auth:api', 'cors')->get('/user', function (Request $request) {
return $request->user();
});
Route::resource('departments', 'DepartmentAPIController');
Route::resource('users', 'UserAPIController');
Route::get('users/{username}', 'UserAPIController@getAccount');
Route::resource('inspection_checklists', 'InspectionChecklistsAPIController');
Btw I am using the getAccount function in the User API Controller.
Appreciate if someone can help.
Thanks in advance.
php laravel api cors laravel-5.4
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
add a comment |
I am developing an Ionic Mobile App that connects to the server in Laravel via REST API. I used the Laravel passport package and configured some stuffs on how authorization tokens will work on the API. So I write some code on providers for the Ionic app and I have this login function for the user in the mobile to logged in via API from the server but it keeps telling me this error:
Status Code:403 Forbidden
This seems to be a server side error that I don't have the permission to access this resources. Right?
So the server understood the request coming from the Ionic side but refuses it or forbidden by the server.
I used the CORS Allow-Control-Origin to connect Ionic apps to Laravel.
However when I tried to do a POST request using POSTMAN with all the grant types and client secret provided by the Laravel passport package it is successful that it give me the token type bearer, access token and the refresh token by the oauth.
Here is the code in my Middleware Cors
<?php
namespace AppHttpMiddleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
and here is the code in my api routes:
<?php
use IlluminateHttpRequest;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::middleware('auth:api', 'cors')->get('/user', function (Request $request) {
return $request->user();
});
Route::resource('departments', 'DepartmentAPIController');
Route::resource('users', 'UserAPIController');
Route::get('users/{username}', 'UserAPIController@getAccount');
Route::resource('inspection_checklists', 'InspectionChecklistsAPIController');
Btw I am using the getAccount function in the User API Controller.
Appreciate if someone can help.
Thanks in advance.
php laravel api cors laravel-5.4
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
add a comment |
I am developing an Ionic Mobile App that connects to the server in Laravel via REST API. I used the Laravel passport package and configured some stuffs on how authorization tokens will work on the API. So I write some code on providers for the Ionic app and I have this login function for the user in the mobile to logged in via API from the server but it keeps telling me this error:
Status Code:403 Forbidden
This seems to be a server side error that I don't have the permission to access this resources. Right?
So the server understood the request coming from the Ionic side but refuses it or forbidden by the server.
I used the CORS Allow-Control-Origin to connect Ionic apps to Laravel.
However when I tried to do a POST request using POSTMAN with all the grant types and client secret provided by the Laravel passport package it is successful that it give me the token type bearer, access token and the refresh token by the oauth.
Here is the code in my Middleware Cors
<?php
namespace AppHttpMiddleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
and here is the code in my api routes:
<?php
use IlluminateHttpRequest;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::middleware('auth:api', 'cors')->get('/user', function (Request $request) {
return $request->user();
});
Route::resource('departments', 'DepartmentAPIController');
Route::resource('users', 'UserAPIController');
Route::get('users/{username}', 'UserAPIController@getAccount');
Route::resource('inspection_checklists', 'InspectionChecklistsAPIController');
Btw I am using the getAccount function in the User API Controller.
Appreciate if someone can help.
Thanks in advance.
php laravel api cors laravel-5.4
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
I am developing an Ionic Mobile App that connects to the server in Laravel via REST API. I used the Laravel passport package and configured some stuffs on how authorization tokens will work on the API. So I write some code on providers for the Ionic app and I have this login function for the user in the mobile to logged in via API from the server but it keeps telling me this error:
Status Code:403 Forbidden
This seems to be a server side error that I don't have the permission to access this resources. Right?
So the server understood the request coming from the Ionic side but refuses it or forbidden by the server.
I used the CORS Allow-Control-Origin to connect Ionic apps to Laravel.
However when I tried to do a POST request using POSTMAN with all the grant types and client secret provided by the Laravel passport package it is successful that it give me the token type bearer, access token and the refresh token by the oauth.
Here is the code in my Middleware Cors
<?php
namespace AppHttpMiddleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
and here is the code in my api routes:
<?php
use IlluminateHttpRequest;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::middleware('auth:api', 'cors')->get('/user', function (Request $request) {
return $request->user();
});
Route::resource('departments', 'DepartmentAPIController');
Route::resource('users', 'UserAPIController');
Route::get('users/{username}', 'UserAPIController@getAccount');
Route::resource('inspection_checklists', 'InspectionChecklistsAPIController');
Btw I am using the getAccount function in the User API Controller.
Appreciate if someone can help.
Thanks in advance.
php laravel api cors laravel-5.4
php laravel api cors laravel-5.4
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
asked Oct 30 '17 at 5:51
JaaayzJaaayz
3462725
3462725
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
There is nothing to do with CORS.
as stated in passport documentation:
The JSON API is guarded by the
webandauthmiddlewares; therefore, it may only be called from your own application. It is not able to be called from an external source.
That means you have to be logged in to use these routes.
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f47008821%2flaravel-passport-api-status-code403-forbidden%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
There is nothing to do with CORS.
as stated in passport documentation:
The JSON API is guarded by the
webandauthmiddlewares; therefore, it may only be called from your own application. It is not able to be called from an external source.
That means you have to be logged in to use these routes.
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
add a comment |
There is nothing to do with CORS.
as stated in passport documentation:
The JSON API is guarded by the
webandauthmiddlewares; therefore, it may only be called from your own application. It is not able to be called from an external source.
That means you have to be logged in to use these routes.
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
add a comment |
There is nothing to do with CORS.
as stated in passport documentation:
The JSON API is guarded by the
webandauthmiddlewares; therefore, it may only be called from your own application. It is not able to be called from an external source.
That means you have to be logged in to use these routes.
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
There is nothing to do with CORS.
as stated in passport documentation:
The JSON API is guarded by the
webandauthmiddlewares; therefore, it may only be called from your own application. It is not able to be called from an external source.
That means you have to be logged in to use these routes.
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
answered Nov 24 '18 at 11:22
Some DevSome Dev
8510
8510
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f47008821%2flaravel-passport-api-status-code403-forbidden%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
