Auth with API Tokens works localhost, but at Heroku doesn't

[kuesley]

My API works in localhost but when I deploy to Heroku, I get message "E_UNAUTHORIZED_ACCESS: Unauthorized access".

I am using a same database, then is a same user and password (local and heroku).

My login
const email = ctx.request.input('email') const password = ctx.request.input('password ') const token = await ctx.auth.use('api').attempt(email, password ) return token;

Login works fine (localhost and heroku)

But, when I call any authenticate route I get a message E_UNAUTHORIZED_ACCESS: Unauthorized access raised by
throw new AuthenticationException

A message is generate by that code (Auth.js):

`protected async authenticate(auth: HttpContextContract['auth'], guards: (keyof GuardsList)[]) {
/**
* Hold reference to the guard last attempted within the for loop. We pass
* the reference of the guard to the "AuthenticationException", so that
* it can decide the correct response behavior based upon the guard
* driver
*/
let guardLastAttempted: string | undefined

for (let guard of guards) {
  guardLastAttempted = guard
  if (await auth.use(guard).check()) {
    /**
     * Instruct auth to use the given guard as the default guard for
     * the rest of the request, since the user authenticated
     * succeeded here
     */
    auth.defaultGuard = guard
    return true
  }
}

/**
 * Unable to authenticate using any guard
 */
throw new AuthenticationException(
  'Unauthorized access',
  'E_UNAUTHORIZED_ACCESS',
  guardLastAttempted,
  this.redirectTo,
)

}`

Details:

• a token was created on database (work fine) [localhost and heroku]
• I am using a last adonis version

Anybody know what is happening?

[thetutlage]

Have you checked the applications logs on Heroku?

[kuesley]

Yes. But there is nothing that. See

2022-04-13T18:37:30.122989+00:00 app[web.1]: {"level":30,"time":1649875050122,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","msg":"started server on 0.0.0.0:8473"} 2022-04-13T18:37:30.411378+00:00 heroku[web.1]: State changed from starting to up 2022-04-13T18:37:51.367764+00:00 app[web.1]: {"level":20,"time":1649875071367,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","msg":"Login started"} 2022-04-13T18:37:51.523920+00:00 heroku[router]: at=info method=POST path="/login?uid=1" host=api-mieza-adonis-v5.herokuapp.com request_id=238c83fd-5816-40e1-86c3-596d11649b6f fwd="45.227.248.124" dyno=web.1 connect=0ms service=232ms status=200 bytes=234 protocol=https 2022-04-13T18:37:54.343166+00:00 app[web.1]: {"level":20,"time":1649875074343,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","msg":"Guards api "} 2022-04-13T18:37:54.343333+00:00 app[web.1]: {"level":20,"time":1649875074343,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","msg":"Auth {\"defaultGuard\":\"api\",\"guards\":{\"api\":{\"isLoggedIn\":false,\"isGuest\":true,\"authenticationAttempted\":false,\"isAuthenticated\":false}}}"} 2022-04-13T18:37:54.353423+00:00 app[web.1]: {"level":50,"time":1649875074348,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","redirectTo":"/login","responseText":"E_UNAUTHORIZED_ACCESS: Unauthorized access","guard":"api","stack":"AuthenticationException: E_UNAUTHORIZED_ACCESS: Unauthorized access\n at AuthMiddleware.authenticate (/app/app/Middleware/Auth.ts:55:11)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)\n at AuthMiddleware.handle (/app/app/Middleware/Auth.ts:76:5)\n at Server.handleRequest (/app/build/node_modules/@adonisjs/http-server/build/src/Server/index.js:108:13)","type":"Error","msg":"E_UNAUTHORIZED_ACCESS: Unauthorized access"} 2022-04-13T18:37:54.353877+00:00 heroku[router]: at=info method=GET path="/minhasMensagens?uid=1&pid=2" host=api-mieza-adonis-v5.herokuapp.com request_id=272b2c85-e927-4cc6-8ab6-986e8f0ac7f4 fwd="45.227.248.124" dyno=web.1 connect=0ms service=14ms status=401 bytes=221 protocol=https 2022-04-13T19:00:03.041464+00:00 app[web.1]: {"level":20,"time":1649876403041,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","msg":"Guards api "} 2022-04-13T19:00:03.042862+00:00 app[web.1]: {"level":20,"time":1649876403042,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","msg":"Auth {\"defaultGuard\":\"api\",\"guards\":{\"api\":{\"isLoggedIn\":false,\"isGuest\":true,\"authenticationAttempted\":false,\"isAuthenticated\":false}}}"} 2022-04-13T19:00:03.047724+00:00 app[web.1]: {"level":50,"time":1649876403046,"pid":45,"hostname":"cd392446-cb7c-4e0e-a622-847d7236f1f8","name":"api-mieza-adonis-v5","redirectTo":"/login","responseText":"E_UNAUTHORIZED_ACCESS: Unauthorized access","guard":"api","stack":"AuthenticationException: E_UNAUTHORIZED_ACCESS: Unauthorized access\n at AuthMiddleware.authenticate (/app/app/Middleware/Auth.ts:55:11)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)\n at AuthMiddleware.handle (/app/app/Middleware/Auth.ts:76:5)\n at Server.handleRequest (/app/build/node_modules/@adonisjs/http-server/build/src/Server/index.js:108:13)","type":"Error","msg":"E_UNAUTHORIZED_ACCESS: Unauthorized access"} 2022-04-13T19:00:03.048944+00:00 heroku[router]: at=info method=GET path="/minhasMensagens?uid=1&pid=2" host=api-mieza-adonis-v5.herokuapp.com request_id=5ae7b519-a07a-4edf-bb46-f13d2ac31a25 fwd="45.227.248.124" dyno=web.1 connect=0ms service=9ms status=401 bytes=221 protocol=https

[thetutlage]

Is your app receiving the token in the header from the client? You can check that by logging request headers console.log(request.headers())

[kuesley]

Thanks for answer ;-)

How print headers? My middleware intercept my endpoint (route) and a authenticate method does not request object.

protected async authenticate(auth: HttpContextContract['auth'], guards: (keyof GuardsList)[])

I was print a guards and auth (from authenticate method):

2022-04-14T12:12:03.034633+00:00 app[web.1]: {"level":20,"time":1649938323034,"pid":45,"hostname":"e4d670fe-d532-4db4-8f2b-d06847c1bc0b","name":"api-mieza-adonis-v5","msg":"Auth {\"defaultGuard\":\"api\",\"guards\":{\"api\":{\"isLoggedIn\":false,\"isGuest\":true,\"authenticationAttempted\":false,\"isAuthenticated\":false}}}"} 2022-04-14T12:12:03.043598+00:00 app[web.1]: {"level":50,"time":1649938323039,"pid":45,"hostname":"e4d670fe-d532-4db4-8f2b-d06847c1bc0b","name":"api-mieza-adonis-v5","redirectTo":"/login","responseText":"E_UNAUTHORIZED_ACCESS: Unauthorized access","guard":"api","stack":"AuthenticationException: E_UNAUTHORIZED_ACCESS: Unauthorized access\n at AuthMiddleware.authenticate (/app/app/Middleware/Auth.ts:55:11)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)\n at AuthMiddleware.handle (/app/app/Middleware/Auth.ts:76:5)\n at Server.handleRequest (/app/build/node_modules/@adonisjs/http-server/build/src/Server/index.js:108:13)","type":"Error","msg":"E_UNAUTHORIZED_ACCESS: Unauthorized access"} 2022-04-14T12:12:03.045649+00:00 heroku[router]: at=info method=GET path="/minhasMensagens?uid=1&pid=2" host=api-mieza-adonis-v5.herokuapp.com request_id=34024732-3ff4-4516-ad65-50424f430ded fwd="45.227.248.124" dyno=web.1 connect=0ms service=14ms status=401 bytes=221 protocol=https

Again, locally works, only heroku does not work.

I appreciate any help ;-)

[kuesley]

It'sssssssssssssssssssssssssss work fine now.

I put a expiresIn: '30mins' when generate a token.