passport: Invalid token cause 500 error.

I have simple route which is guarded by auth:api and I haven’t any access tokens in database (oauth_access_tokens) saved in database. I am getting 500 error intstead of 401

➜ curl -i http://127.0.01:8000/api/user -H “Authorization: Bearer fakeToken” HTTP/1.0 500 Internal Server Error

If I make good existing access token it’s works.

Looks like it get infinity loop: Fatal error: Maximum function nesting level of ‘256’ reached, aborting!

[Thu Jul 20 15:33:44 2017] PHP 215. call_user_func:{/Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php:58}() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php:58
[Thu Jul 20 15:33:44 2017] PHP 216. Laravel\Passport\PassportServiceProvider->Laravel\Passport\{closure}() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php:58
[Thu Jul 20 15:33:44 2017] PHP 217. Laravel\Passport\Guards\TokenGuard->user() /Users/vaidas/develop/project/vendor/laravel/passport/src/PassportServiceProvider.php:251
[Thu Jul 20 15:33:44 2017] PHP 218. Laravel\Passport\Guards\TokenGuard->authenticateViaBearerToken() /Users/vaidas/develop/project/vendor/laravel/passport/src/Guards/TokenGuard.php:90
[Thu Jul 20 15:33:44 2017] PHP 219. App\Exceptions\Handler->report() /Users/vaidas/develop/project/vendor/laravel/passport/src/Guards/TokenGuard.php:143
[Thu Jul 20 15:33:44 2017] PHP 220. App\Exceptions\Handler->report() /Users/vaidas/develop/project/app/Exceptions/Handler.php:31
[Thu Jul 20 15:33:44 2017] PHP 221. App\Exceptions\Handler->context() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php:112
[Thu Jul 20 15:33:44 2017] PHP 222. Illuminate\Support\Facades\Facade::id() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php:151
[Thu Jul 20 15:33:44 2017] PHP 223. Illuminate\Support\Facades\Facade::__callStatic() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php:151
[Thu Jul 20 15:33:44 2017] PHP 224. Illuminate\Auth\AuthManager->id() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php:221
[Thu Jul 20 15:33:44 2017] PHP 225. Illuminate\Auth\AuthManager->__call() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php:221
[Thu Jul 20 15:33:44 2017] PHP 226. Illuminate\Auth\RequestGuard->id() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php:294
[Thu Jul 20 15:33:44 2017] PHP 227. Illuminate\Auth\RequestGuard->user() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/GuardHelpers.php:70
[Thu Jul 20 15:33:44 2017] PHP 228. call_user_func:{/Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php:58}() /Users/vaidas/develop/project/vendor/laravel/framework/src/Illuminate/Auth/RequestGuard.php:58

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 11
  • Comments: 15 (2 by maintainers)

Commits related to this issue

Most upvoted comments

You can add OAuthServerException to $dontReport :

class Handler extends ExceptionHandler
{
    protected $dontReport = [
       ...
        \League\OAuth2\Server\Exception\OAuthServerException::class,
    ];
}
+32
abler98 on Sep 8, 2017

I think this error is caused by Xdebug. It’s not an error with this library.

+21
alexbilbie on Aug 2, 2017

Instead of ignoring all OAuthServerException exceptions I just remove user from context for OAuthServerException :

app\Exceptions\Handler.php

public function report(Exception $exception)
{
    if ($exception instanceof OAuthServerException) {
        try {
            $logger = $this->container->make(LoggerInterface::class);
        } catch (Exception $e) {
            throw $exception; // throw the original exception
        }

        $logger->error(
            $exception->getMessage(),
            ['exception' => $exception]
        );
    } else {
        parent::report($exception);
    }
}

But IMO right solution should be removing user from logger context, because Auth::user() depends on some Guards, Providers etc and even these might be coded by developer. Indeed I don’t remember I need to know which user caused the exceptions. I am sure in some cases it might be critical but for me I didn’t use it so far.

+6
ahalimkara on Jan 5, 2018

After a little bit of digging I found out that the issue arises in the Laravel Exception Handler (framework/src/Illuminate/Foundation/Exceptions/Handler.php), function context() where it reaches for Auth. Quick workaround is to override that function in your own app/Exceptions/Handler.php:

    protected function context()
    {
        return [];
    }

Just be aware that in this case anywhere else your context (userId and email address of the user making the request) will not be logged when exception is thrown.

+5
markkarimov on Sep 7, 2017

same problem here,the workaround did the job. instead of infinite loop i get a 401 “unauthenticated” exception

@terdia you solution didn’t worked for me

+1
ErwanTouba on Mar 22, 2018
Read more comments on GitHub
← passport: {"error":"invalid_client","message":"Client authentication failed"}
passport: Key file permissions are not correct →