Using OAuth, Auth user is logged in site user rather than API user

[harhoo]

Not sure whether this is an issue, intended behaviour, an issue with Postman or my error.

I'm logged into my site as user 1 in Chrome.

Using Postman if I fetch /users/me with the Authorization for user 2 and then call $this->auth->users in the controller, it returns user 1. If I call ResourceServer::getOwnerId() (I'm using the League OAuth provider) it returns user 2. If I logout of the website, $this->auth->users then returns user 2. So it looks (looks) as if the logged in session is overriding Shield and $this->auth.

I'm not sure in practice whether this is an issue but thought I'd mention it.

[hskrasek]

Are you using the browser add on? Or the packaged app?  Either way it sounds like auth->user is getting confused by the session created from logging in on the website

---Hunter Skrasekhunterskrasek@me.com

On May 21, 2014 at 6:46:39 PM CDT, harhoo notifications@github.com wrote:Not sure whether this is an issue, intended behaviour, an issue with Postman or my error. I'm logged into my site as a user 1 in Chrome. Using Postman if I fetch /users/me with the Authorization for user 2 and then call $this->auth->users in the controller, it returns user 1. If I call ResourceServer::getOwnerId() (I'm using the League OAuth provider) it returns user 2. If I logout of the website, $this->auth->users then returns user 2. So it looks (looks) as if the logged in session is overriding Shield and $this->auth. I'm not sure in practice whether this is an issue but thought I'd mention it. —Reply to this email directly or view it on GitHub.

[jasonlewis]

Mmm yeah I can see what you mean. I'm hoping to get time tonight to go
through a lot of these issues.
On 22 May 2014 09:26, "Hunter Skrasek" notifications@github.com wrote:

Are you using the browser add on? Or the packaged app? Either way it
sounds like auth->user is getting confused by the session created from
logging in on the website

---Hunter Skrasekhunterskrasek@me.com

On May 21, 2014 at 6:46:39 PM CDT, harhoo notifications@github.com
wrote:Not sure whether this is an issue, intended behaviour, an issue with
Postman or my error. I'm logged into my site as a user 1 in Chrome. Using
Postman if I fetch /users/me with the Authorization for user 2 and then
call $this->auth->users in the controller, it returns user 1. If I call
ResourceServer::getOwnerId() (I'm using the League OAuth provider) it
returns user 2. If I logout of the website, $this->auth->users then returns
user 2. So it looks (looks) as if the logged in session is overriding
Shield and $this->auth. I'm not sure in practice whether this is an issue
but thought I'd mention it. —Reply to this email directly or view it on
GitHub.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/61#issuecomment-43831642
.

[harhoo]

@hskrasek for Postman? I'm using the Chrome app. (Which I actually thought would be sandboxed). But yes, I think when getUser in Shield hands off to AuthManager, that uses the web session for priority.

@jasonlewis thanks a lot for a great package btw - came along at just the right moment and is saving me a lot of time.

[hskrasek]

@harhoo Yea it's probably using the same Laravel session from chrome when you logged in. I just had to ask since I think the packaged app version wouldn't reuse the session. Haven't actually ran into this issue, so haven't payed enough attention to the sessions honestly.

[kevindierkx]

Just a side note Apache ignores Authorization headers when they don't meet their standards, a quick workaround is using the url parameter or adding a rewrite rule.
http://stackoverflow.com/questions/11990388/request-headers-bag-is-missing-authorization-header-in-symfony-2

[jasonlewis]

There's been a bit of a change up to the authentication and I can't seem to reproduce this now. Make sure that $this->auth is also the Shield authentication instance and not the Laravel one. Going to close this for now. If this problem is persisting just give us a yell on here with some more details on how I can reproduce. Cheers!