Laravel 9 email verification Invalid Signature

Question

I've read all available solutions, but no chance. It always redirects to the 403 page with message (Invalid Signature).

Here is my route :

Auth::routes(['verify' => true]);

My env file :

APP_NAME='WebApp'
APP_ENV=local
APP_KEY=base64:V4/NjIiHJMalSGiXqCfzDJJVF4BfDwJ8Hnxr1M8I2Lc=
APP_DEBUG=true
APP_URL=http://127.0.0.1:8000

MAIL_MAILER=log
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="[email protected]"
MAIL_FROM_NAME="${APP_NAME}"

But the provided link in log file is always invalid.

I'm using built in artisan sever php artisan serve

Update : This is the link in laravel.log file.

http://127.0.0.1:8000/email/verify/2/52e17b67fd82b0545bb4fbdc5748ed23104133c7?expires=3D1652547054&signature=3De8f38349c57d806fb67170ceee8e7300cbc40d61133e1f70c7929e843401db6a

I have tried php artisan key:generate and php artisan config:cache

The email is being send by laravel itself, I haven't customized anything.

Also I tried to override verify method provided by VerifiesEmails.php trait, but no chance. Here is what I did :

VerificationController.php :

public function verify(Request $request) {
    dd($request->fullUrl());
}

I got suspicious to the url according to some solutions but the url is all fine like above mentioned.

Answer 1

After struggling 9 hours with this and hitting my head against the wall; finally I found out that the SIGNATURE is fine, but when laravel logs it in laravel.log file, it corrupts the file content and prefixes the SIGNATURE with this 2 characters 3D.

This way everything breaks; I don't know why is this happening.

I won't delete this question in case others face this problem in future.

Answer 2

In my case, I was using Job Batches which have their own table in the database. There was an issue with one of the rows not having run and the exception message did mention BusBatch (something like that). To solve, I simply deleted the record from the database. Prior to noticing this issue, in Horizon, the batches tab would not get passed the loading circle. So if you're working with jobs and batches, this could be a lead.

I never encountered this problem before and seems like it could stem from many other things. Hope this is helpful.

Answer 3

I had the same case as you, i tried the following and it worked

Find folder app/Http/Controllers/Auth/VerificationController.php

public function __construct()
    {
        $this->middleware('auth');
        // $this->middleware('signed')->only('verify'); // -> change
        $this->middleware('throttle:6,1')->only('verify', 'resend');
    }

I hope it helps you

Answer 4

In my case, my NGINX config was sending altered URLs, which was causing the signature verification to fail. I had copy/pasted from a different PHP site config, which was sending funny URL patterns.

More discussion: https://laracasts.com/discuss/channels/laravel/403-invalid-signature-every-time-i-try-to-verify-email-in-laravel-57

Corrected NGINX config:

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

Answer 5

For anyone still running into this issue try configuring the TrustProxy middleware if you have a similar configuration to the below

• Have set URL::forceScheme('https'); in the boot method of AppServiceProvider
• Running laravel behind a reverse proxy

To get this working quickly, set the below in TrustProxies.php middleware.

protected $proxies = '*';

For more information on configuring the $proxies setting, check out the official Laravel documentation here

Answer 6

Man, you have just saved me this whole process.

In my case the PhpStorm also added = to the end of every line and 3D was also in expire=

Thank you very much

Answer 7

In my case i had mistakenly written my site address in APP_URL with http protocol while in Nginx configuration all http requests were redirected to https. so, when i changed

APP_URL=http://example.com

to

APP_URL=https://example.com

my problem was solved.

Answer 8

As mentioned before, for me editing TrustProxy middleware worked as well. I just want to add that I wasted some time ignoring this solution because I already had this implemented:

protected $proxies = [
    '*'
];

However it indeed only worked once I removed the * from the array:

protected $proxies = '*';

Hope this helps anyone.