Ad

JWT The Token Could Not Be Parsed From The Request Only On Live Site

- 1 answer

I have built a custom API using PHP (version 7.0), specifically the Laravel framework (version 5.5.40) that uses the tymon/jwt-auth (version 1.0.0-rc.2) package for user authorization. Many of my controller functions use this line to get the currect user's credentials:

$user = JWTAuth::parseToken()->authenticate();

I use Postman to test my api.

When I make api calls in my local environment, the authorization passes normally and returns the expected data. When I make api calls to my live site API (hosted in my apache server), I get this error:

The token could not be parsed from the request

Since this error only occurs on my live API, I speculated that there is a problem with my API's .htaccess file (which is by the way recognized normally by the application, I did some debugging and checked my apache error_log to make sure changes to my API's .htaccess are recognized). I tried adding these lines (and different variations of these lines as I encountered multiple suggestions while researching):

RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

but still the error persists. I tried adding this code:

var_dump($_SERVER);

prior to the:

$user = JWTAuth::parseToken()->authenticate();

and I noticed that on my live API these elements are missing from the $_SERVER array: REDIRECT_HTTP_AUTHORIZATION, HTTP_AUTHORIZATION

Wasn't the above .htaccess code meant to add these manually?

These are my Response Headers as seen in Chrome DevTools:

Access-Control-Allow-Origin: http:/example.gr

Cache-Control: no-cache, private

Connection: close

Content-Encoding: gzip

Content-Type: application/json

Date: Tue, 14 May 2019 11:33:10 GMT

Server: Apache

Transfer-Encoding: chunked

Vary: Origin,Accept-Encoding

X-RateLimit-Limit: 60

X-RateLimit-Remaining: 59

And these are my Request Headers (provisional headers shown):

Accept: application/json, text/plain, /

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9hcGkudjIucmVzY2FwZXIuaG9uZXN0cGFydG5lcnMuZ3JcL2FwaVwvYXV0aFwvbG9naW4iLCJpYXQiOjE1NTc4MzM1ODksImV4cCI6MTY0NDIzMzU4OSwibmJmIjoxNTU3ODMzNTg5LCJqdGkiOiJweDRjNDlOckFQbGMyM21OIiwic3ViIjo1LCJwcnYiOiI4N2UwYWYxZWY5ZmQxNTgxMmZkZWM5NzE1M2ExNGUwYjA0NzU0NmFhIn0.YWPhPDeNrB4TI1gdhBYylrmIAs1-r1-K2M2eKyO89KY

Origin:http://example.gr

Referer:http://example/summary

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36

EDIT: This is the virtual host configuration of the production server for this specific domain as found in the httpd.conf file:

<VirtualHost |example-ip|:80>
  ServerName api.example.gr
    ServerAlias www.api.example.gr
  DocumentRoot /home/example/public_html/api/public
  ServerAdmin [email protected]
  UseCanonicalName Off

  ## User example # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
        <IfModule !mod_passenger.c>
          UserDir enabled example
        </IfModule>
      </IfModule>
    </IfModule>
  </IfModule>

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  <IfModule include_module>
    <Directory "/home/example/public_html/api/public">
      SSILegacyExprParser On
    </Directory>
  </IfModule>



  <IfModule suphp_module>
    suPHP_UserGroup example example
  </IfModule>
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup example example
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid example example
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID example example
  </IfModule>
  <IfModule mod_passenger.c>
    PassengerUser example
    PassengerGroup example
  </IfModule>

  <IfModule alias_module>
    ScriptAlias /cgi-bin/ /home/example/public_html/api/public/cgi-bin/
  </IfModule>





  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/std/2_4/example/api.example.gr/*.conf"
</VirtualHost>
<VirtualHost 1|example-ip|:443>
  ServerName api.example.gr
  ServerAlias www.api.example.gr
  DocumentRoot /home/example/public_html/api/public
  ServerAdmin [email protected]
  UseCanonicalName Off

  ## User example # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
        <IfModule !mod_passenger.c>
          UserDir enabled example
        </IfModule>
      </IfModule>
    </IfModule>
  </IfModule>

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  <IfModule mod_include.c>
    <Directory "/home/example/public_html/api/public">
      SSILegacyExprParser On
    </Directory>
  </IfModule>


  <Proxymatch ^https?://127\.0\.0\.1:(2082|2083|2077|2078|2079|2080|2086|2087|2095|2096)/>
       <IfModule security2_module>
          SecRuleEngine Off
       </IfModule>
  </Proxymatch>

  <IfModule mod_suphp.c>
    suPHP_UserGroup example example
  </IfModule>
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup example example
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid example example
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID example example
  </IfModule>
  <IfModule mod_passenger.c>
    PassengerUser example
    PassengerGroup example
  </IfModule>

  <IfModule alias_module>
    ScriptAlias /cgi-bin/ /home/example/public_html/api/public/cgi-bin/
  </IfModule>
  <IfModule ssl_module>
    SSLEngine on

    SSLCertificateFile /var/cpanel/ssl/apache_tls/api.example.gr/combined

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/example/public_html/api/public/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>
  </IfModule>




  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/ssl/2_4/example/api.example.gr/*.conf"

</VirtualHost>

It should be noted that my actual API's ip and domain haven been replaced with example ones:

front url:http://example.gr

api url:http://api.example.gr

Ad

Answer

PROBLEM FINALLY SOLVED! It was a permissions problem. I defaulted everything to 755 for folders and 644 for files and the HTTP_AUTHORIZATION headers appeared.

Ad
source: stackoverflow.com
Ad