passport: Passport 401 Unauthenticated.

By the way - I had this problem just after configuring Passport. The solution in my case was a simple

php artisan optimize:clear

Ok so it took me a while to understand this myself. The api routes for managing the oauth clients cannot be used by authenticating with a Bearer token. It can only be accessed when a user is authenticated though a web app. The reason for this is that the routes are protected by the web and auth middleware and not the api and auth:api middleware as you’d expect. The exact reason for this is that you’d normally only access these routes from an authenticated state in a Laravel application. When this happens a cookie for the authed user is set and the routes can be accessed by using axios for example (see the docs).

I do agree that the docs are not clear on this and that it’s pretty confusing. I’ll send in a PR later to make sure they’re more clear.

A better way would be to make it an actual JSON API with Bearer authentication. We could combine this with the https://laravel.com/docs/5.7/passport#consuming-your-api-with-javascript functionality in other apps. I’ll try to see if this can be updated in a future Passport version. That way the client api endpoints could be consumed as an actual api.

Anyway, hope this response helps others who have been searching for a solution.

If you are using client credentials to generate your access_token.

1. Add to the routeMiddleware in \App\Http\Kernel.php ‘client_credentials’ => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
2. Use ‘client_credentials’ middleware in your route too. like this Route::group([‘middleware’ => ‘client_credentials’], function () { //your route });

@agorenja Make sure of your Controller

public function __construct()
    {
        $this->middleware('auth:api');
    }

$this->middleware('auth'); it is wrong

I did like this and the problem is gone!

php artisan optimize:clear php artisan migrate:rollback php artisan passport:install --forced

SOLVED: I am pretty sure you followed all the configurations of Laravel Passport and you have a functioning login page. Your only issue is that when you try hitting an auth:api protected route you get this 401 error.

MY PROBLEM was that I wasn’t sending the bearer token with the request to the route. Now, this might be a BAD way to solve this problem, but it is a start and I am gonna read up on this and find a BETTER way, but well, I started adding this (axios.defaults.headers.common[‘Authorization’] = 'Bearer ’ + localStorage.getItem(‘token’)) to all the actions in the modules of my store wherever an authenticated user should hit the route and the problem was solved.

Keep in mind that you need to save your token (or access_token however you named it) in your localStorage for this particular case to work.

None of these solutions worked (using laravel 7.0 and passport 9.2). Tried apache authorization header modification, composer dump-autoload, optimize:clear, passport:keys --forced, passport:install --forced, Passport::withoutCookieSerialization(). Last thing I saw was this error logged:

[2020-06-27 12:12:23] local.ERROR: The resource owner or authorization server denied the request. {"exception":"[object] (League\\OAuth2\\Server\\Exception\\OAuthServerException(code: 9): The resource owner or authorization server denied the request. at C:\\laragon\\www\\edukit\\vendor\\league\\oauth2-server\\src\\Exception\\OAuthServerException.php:243)
[stacktrace]
.....

The error faded away when I used this method, but the problem persisted:

If you are using client credentials to generate your access_token.

1. Add to the routeMiddleware in \App\Http\Kernel.php 'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,

2. Use 'client_credentials' middleware in your route too.
   like this
   Route::group(['middleware' => 'client_credentials'], function () {
   //your route
   });

Later, I realized that the rest client also appended my user name and password (I wasn’t using postman for speed issue in my pc).

I did like this and the problem is gone!

php artisan optimize:clear php artisan migrate:rollback php artisan passport:install --forced

This is work for me thank you.

By the way - I had this problem just after configuring Passport. The solution in my case was a simple

php artisan optimize:clear

thanks for this

I was able to resolve this error that dozens or hundreds of people report online, but none of the existing solutions worked for me, except for the following.
using Laravel 5.8, following docs to set up Passport.

In my case, although I was including the csrf token in a meta tag, it was not being picked up as the Passport documentation states that laravel will by default. from the docs (https://laravel.com/docs/5.8/passport#consuming-your-api-with-javascript):

" the default Laravel JavaScript scaffolding instructs Axios to always send the X-CSRF-TOKEN and X-Requested-With headers. "

and then the example is provided:

// In your application layout...
<meta name="csrf-token" content="{{ csrf_token() }}">

// Laravel's JavaScript scaffolding...
window.axios.defaults.headers.common = {
    'X-Requested-With': 'XMLHttpRequest',
};

Well that would be great if it worked that way by default as the docs state, but in my case I had to explicitly set the axios default to include the contents of said csrf-token meta tag before making the axios request. like this:

window.axios.defaults.headers.common = {
						'X-Requested-With': 'XMLHttpRequest',
						'X-CSRF-TOKEN' : document.querySelector('meta[name="csrf-token"]').getAttribute('content')
				};

In my case, this was the only thing that allowed me to get past the 401 unauthorized error, which seems to indicate either:
A) something in my project’s configuration has altered the default behavior of axios requests by not setting them automatically include the csrf-token based on the meta tag if present or
B) the docs are inaccurate on this one point, and in the present version of Laravel and Passport that is not the default behavior as stated.