JWT Token returns invalid credentials
I updated from Symfony 5.3 to Symfony 5.4 and everything that has to do with security seems to have changed.
I was wondering why I get a 401 with Invalid Credentials, even though my user is found when I dump my auth.
Here is my AuthTokenProvider:
<?php

namespace App\Security;

use App\Entity\User;
use App\Repository\UserAuthTokenRepository;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class AuthTokenUserProvider implements UserProviderInterface
{
    /**
     * @var UserAuthTokenRepository
     */
    private UserAuthTokenRepository $userAuthTokenRepository;

    /**
     * BraddiveUserProvider constructor.
     *
     * @param UserAuthTokenRepository $userLoginTokenRepository
     */
    public function __construct(
        UserAuthTokenRepository $userLoginTokenRepository
    ) {
        $this->userAuthTokenRepository = $userLoginTokenRepository;
    }

    /**
     * @param string $credential
     *
     * @return UserInterface
     */
    public function loadUserByUsername(string $credential): UserInterface
    {
        return $this->loadUserByIdentifier($credential);
    }

    /**
     * method
     *
     * @param UserInterface $user
     *
     * @return UserInterface|User
     */
    public function refreshUser(UserInterface $user)
    {
        /**
         * @var $user User
         */
        return $this->userAuthTokenRepository->findByAuthToken($user->getUserAuthToken()->getAuthToken());
    }

    /**
     * method
     *
     * @param string $class
     *
     * @return bool
     */
    public function supportsClass(string $class): bool
    {
        return $class === self::class;
    }

    /**
     * Loads the user for the given user identifier (e.g. username or email).
     *
     * This method must throw UserNotFoundException if the user is not found.
     *
     * @throws UserNotFoundException
     */
    public function loadUserByIdentifier(string $identifier): UserInterface
    {
        $user = $this->userAuthTokenRepository->findByAuthToken($identifier);
        if (($user instanceof User) === false) {
            throw new AccessDeniedException('Invalid Credentials');
        }

        return $user;
    }
}
In which, when I dump my $user, I find him.
But when I try to use /api/login I get a 401 Invalid credentials.
And I'm not sure why it is.
Here are my JWT yml configs:
lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl: 2592000 # token TTL in seconds, defaults to 1 hour
    user_identity_field: token
And here is my security bundle
security:
    enable_authenticator_manager: true
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        App\Entity\BackendUser:
            algorithm: auto
        App\Entity\User:
            algorithm: auto
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\BackendUser
                property: email
        auth_token:
            id: App\Security\AuthTokenUserProvider
        jwt:
            id: App\Security\JwtUserProvider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/api/login
            stateless: true
            provider: auth_token
            json_login:
                check_path: /api/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            custom_authenticators:
                - App\Security\UserAuthenticator
        api:
            pattern: ^/api
            stateless: true
            provider: jwt
            custom_authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator
        easy_admin:
            pattern: ^/admin
            lazy: true
            provider: app_user_provider
            custom_authenticators:
                - App\Security\EasyAdminAuthenticator
            logout:
                path: app_logout
                target: app_login
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # Easy Admin Routes
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: IS_AUTHENTICATED_FULLY }
        # Api Routes
        - { path: ^/api/login, roles: PUBLIC_ACCESS }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
        # Translations
        - { path: ^/translations, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/translations/grid, roles: IS_AUTHENTICATED_FULLY }
If anyone could tell me what the problem is or how I can debug better, please let me know.
Update:
I tried
guard:
    - App\Security\UserAuthenticator
Now it says
Unrecognized option "authenticators" under "security.firewalls.guard". Available options are "access_denied_handler", "access_denied_url", "anonymous", "context", "custom_authenticators", "entry_point", "form_login", "form_login_ldap", "guard", "host", "http_basic", "http_basic_ldap", "json_login", "json_login_ldap", "jwt", "lazy", "login_link", "login_throttling", "logout", "methods", "pattern", "provider", "remember_me", "remote_user", "request_matcher", "required_badges", "security", "stateless", "switch_user", "user_checker", "x509".
When I try with custom_authenticators (like it says above), like so:
guard:
    custom_authenticators:
        - App\Security\UserAuthenticator
I get
Unrecognized option "custom_authenticators" under "security.firewalls.api.guard". Available options are "authenticators", "entry_point", "provider".
Does this make any sense?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
