What Am I trying?
I already have a website and I am trying Token based authentication for an API in same code and below is the start for sample authentication code
I created a controller below is the code.
class AccountController extends \App\Http\Controllers\Controller
{
public function apilogin($UserData) {
return json_decode($UserData);
}
}
My route config is below.
Route::group(['prefix' => 'api/v1', 'middleware' => 'auth.api'], function () {
Route::post('/apilogin', 'API\User\Account\AccountController@apilogin');
});
**Then from the Postman Chrome Extension, I have posted the request and worked fine if I comment the following line from $middlewareGroups in Kernel.php
\App\Http\Middleware\VerifyCsrfToken::class,
I have no issues VerifyCsrfToken if I do GET request from POSTMan Extension
Open your app\http\Middleware\VerifyCsrfToken.php file.
Here edit $except property with:
protected $except = [
'api/*'
];
This will exclude your api routes from CSRF verification.
TokenMismatchException generally occurs when csrf token not present in form or expired csrf token or tamperd csrf token.
First:
Make sure you added in form
<input type="hidden" name="_token" value="{{ csrf_token() }}">
Or
Clear try with clear cache for view files
Or
Check if any redirection are there in flow
Finally if everything fails if you want to customize this error . You can handle this error in hanlers. check [this][1]
In your route.php set below code
Route::group(['prefix' => API_PREFIX,'middleware' => 'auth.api'], function()
{
// Your Route
}
In your kernal.php set below middleware, it is good to use a diffrent middleware for api.
'auth.api' => \App\Http\Middleware\ApiAuthenticate::class,
Add new middleware ApiAuthenticate.php
class ApiAuthenticate
{
public function handle($request, Closure $next, $guard = 'api')
{
if (\Auth::guard($guard)->guest()) {
return response("Invalid user");
}
else {
return $next($request);
}
return $next($request);
}
}
Check your get and post methods too
来源:https://stackoverflow.com/questions/37383165/tokenmismatchexception-for-api-in-laravel-5-2-31