Hello,
I’m setting up a new Laravel application with Auth0. I aim to protect REST API created in the Laravel 10 environment with Auth0.
I followed this article Auth0 Laravel API SDK Quickstarts: Add Authorization to a Laravel Application step by step. I requested an access token via the Test view of my Auth0 API application and added the two routes in the routes/api.php file.
Route::get('/private', function () {
return response()->json([
'message' => 'Your token is valid; you are authorized.',
]);
})->middleware('auth');
Route::get('/', function () {
if (!auth()->check()) {
return response()->json([
'message' => 'You did not provide a valid token.',
]);
}
return response()->json([
'message' => 'Your token is valid; you are authorized.',
'id' => auth()->id(),
'token' => auth()?->user()?->getAttributes(),
]);
});
I made the test calls inside Postman attaching the generated access token. The problem is if I call the route api/private that has a auth middleware, I get a 403 unauthorized message, but calling the api/ route that checks the token internally, then it works!
Any explanation because the middleware does not work?
Thank you.
