I'm encountering an issue with the JWT Auth bundle on Symfony 3. I've followed the instructions from their GitHub README but just can't seem to figure out where I've gone wrong or what is going wrong.
I am using Symfony 3.1.1, with LexikJWTAuthenticationBundle 2.0 and FriendsOfSymfony UserBundle.
The problem: whenever I try to log in as instructed in their example via (with user and password substituted):

    curl -X POST http://192.168.33.30/api/login_check -d _username=johndoe -d _password=test

I get:

    {"code":401,"message":"Bad credentials"}

If I generate the token manually via:

    $jwtManager  = $this->container->get('lexik_jwt_authentication.jwt_manager');
    $userManager = $this->container->get('fos_user.user_manager');
    $user        = $userManager->findUserByEmail('emailhere');
    dump($jwtManager->create($user));

I get given quite a lengthy token. I then use that in Postman as a header with key "Authorization" and value "Bearer ".
I then try to call an endpoint under the firewalled URL and the failure_handler is triggered. It manages to extract the data from the token, i.e. the email I encoded in the token and so on. But I always get the failure.
My other data is:
security.yml

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt

        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

        # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
        providers:
            in_memory:
                memory: ~
            fos_userbundle:
                id: fos_user.user_provider.username

        firewalls:
            # disables authentication for assets and the profiler, adapt it according to your needs
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false

            login:
                pattern:   ^/api/login
                stateless: true
                anonymous: true
                form_login:
                    check_path:               /api/login_check
                    success_handler:          lexik_jwt_authentication.handler.authentication_success
                    failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                    require_previous_session: false

            api:
                pattern:   ^/api
                stateless: true
                guard:
                    authenticators:
                        - lexik_jwt_authentication.jwt_token_authenticator

            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    # csrf_token_generator: security.csrf.token_manager
                logout: true
                anonymous: true
config.yml

    lexik_jwt_authentication:
        private_key_path: %jwt_private_key_path%
        public_key_path:  %jwt_public_key_path%
        pass_phrase:      %jwt_key_pass_phrase%
        token_ttl:        %jwt_token_ttl%
        # key under which the user identity will be stored in the token payload
        user_identity_field: email
        # token encoding/decoding settings
        encoder:
            # token encoder/decoder service - default implementation based on the namshi/jose library
            service: lexik_jwt_authentication.encoder.default
            # crypto engine used by the encoder service
            crypto_engine: openssl
            # encryption algorithm used by the encoder service
            signature_algorithm: RS256
        # token extraction settings
        token_extractors:
            authorization_header: # look for a token as Authorization Header
                enabled: true
                prefix:  Bearer
                name:    Authorization
            cookie: # check token in a cookie
                enabled: false
                name:    BEARER
            query_parameter: # check token in query string parameter
                enabled: false
                name:    bearer
routing.yml

    api_login_check:
        path: /api/login_check
If anyone has any suggestions please let me know. I'm stumped over this.
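As an added example that is not part of the original question: the `login` and `api` firewalls from the security.yml above with an explicit `provider` key. In Symfony 3.1 a firewall that names no provider uses the first one declared, here `in_memory` with no users, so both the login check and the lookup of the user named in the token fail before credentials are ever compared. The `fos_user.user_provider.username_email` service is assumed because `user_identity_field` is `email` and the token authenticator loads the user by the identity stored in the payload.

```yaml
# security.yml (added example, not the original poster's file): the two stateless
# firewalls with an explicit provider. With several providers declared and none
# named on a firewall, Symfony 3.1 falls back to the first one (in_memory, which
# holds no users), so form_login and the JWT guard authenticator cannot load a user.
security:
    providers:
        in_memory:
            memory: ~
        # Assumed: FOSUserBundle's username-or-email provider, because
        # user_identity_field is set to email and the token authenticator
        # looks the user up by the identity stored in the token payload.
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        login:
            pattern:   ^/api/login
            stateless: true
            anonymous: true
            provider:  fos_userbundle   # not set in the original firewall
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            provider:  fos_userbundle   # not set in the original firewall
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
```

With the provider named on the `api` firewall, a token whose payload email matches no user is still rejected by the failure handler, which is the behaviour to expect rather than a sign of a broken signature check.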