I'm having a really hard time figuring this out. I am using JWTAuth on my Laravel 5 API and I'm having a problem with the token being read. This is what I know and tried:

I have set my CORS configuration to allow all headers for my API path:

    return array(
    'defaults' => array(
        'supportsCredentials' => false,
        'allowedOrigins' => array(),
        'allowedHeaders' => array(),
        'allowedMethods' => array(),
        'exposedHeaders' => array(),
        'maxAge' => 0,
        'hosts' => array(),
    ),

    'paths' => array(
        'api/*' => array(
            'allowedOrigins' => array('*'),
            'allowedHeaders' => array('*'),
            'allowedMethods' => array('*'),
            'maxAge' => 3600,
        ),
        '*' => array(
            'allowedOrigins' => array('*'),
            'allowedHeaders' => array('Content-Type'),
            'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
            'maxAge' => 3600,
            'hosts' => array('api.*'),
        ),
    ),

);

I have added the following to apache's sites enabled conf file:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

And I can see in Chrome tools that headers are being passed back with the correct token and in the correct format: Authorization : Bearer tokenstring

Can anyone see what I may be doing wrong? Does anyone know of issues with this?

I see where my issue is. According to the documentation on the JWTAuth Github page:

Note to Apache users

Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

I thought apache config meant the 000-default.conf file. I was in error. In fact this was suppose to be done in the .htaccess file. Once done... POOF, everything works!