Lexikjwtauthenticationbundle: Invalid JWT Token

Created on 23 Jun 2017  路  4Comments  路  Source: lexik/LexikJWTAuthenticationBundle

Hi,

I'm facing a problem with your bundle.
I have two providers customer and provider and use two different endpoint to login.
I have two firewalls one for customer and the other for provider

The problem I have is that I can't use JWT token. I have a Invalid JWT Token error.
I think the problem comes with Symfony 3.3, not sure.

Here is my security.yml:

security:
    encoders:
        AppBundle\Entity\Customer:
            algorithm: bcrypt
        AppBundle\Entity\Provider:
            algorithm: bcrypt

    providers:
        customer_provider:
            entity:
                class: AppBundle:Customer
                property: email
        provider_provider:
            entity:
                class: AppBundle:Provider
                property: email

    role_hierarchy:
        ROLE_CUSTOMER:  ROLE_USER
        ROLE_PROVIDER:  ROLE_USER

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Customer
        api_customer_login:
            pattern:  ^/customers/login
            stateless: true
            anonymous: true
            provider: customer_provider
            form_login:
                check_path:               /customers/login
                require_previous_session: false
                username_parameter:       email
                password_parameter:       password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure

        # Provider
        api_provider_login:
            pattern:  ^/providers/login
            stateless: true
            anonymous: true
            provider: provider_provider
            form_login:
                check_path:               /providers/login
                require_previous_session: false
                username_parameter:       email
                password_parameter:       password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure

        api_provider:
            pattern:  ^/providers
            stateless: true
            lexik_jwt: ~
            provider: provider_provider

        api_customer:
            pattern:  ^/customers
            stateless: true
            lexik_jwt: ~
            provider: customer_provider

    access_control:
        - { path: login$,       role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customers,  role: ROLE_CUSTOMER }
        - { path: ^/providers,  role: ROLE_PROVIDER }

I can obtain a token for these two providers without problem but when I'm using it:

{
    "code": 401,
    "message": "Invalid JWT Token"
}

Header Authorization is set like that: Bearer <token>

Thanks you.

Bug Needs Review

Most helpful comment

The response should have been clear about that then. Reopening, will try to reproduce on my side.

All 4 comments

Ok, I found the problem.
parameters.yml had a bad path to public key.

jwt_private_key_path: '%kernel.root_dir%/../var/jwt/private.pem'
jwt_public_key_path: '%%kernel.root_dir%/../var/jwt/public.pem'

The response should have been clear about that then. Reopening, will try to reproduce on my side.

In my case, the username property in my User entity was emptied in the eraseCredentials method. This resulted in a Invalid JWT Token message as well, because of failing in the isset check in JWTProvider.getUserFromPayload. I guess that in this case, the token is valid, but the user entity invalid. Which might require another error message.

I ran into the same problem: got this message in place of a completely unrelated issue.
The thing is that any exception is catch here
https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Encoder/LcobucciJWTEncoder.php#L54

Why not remove this try/catch and let the error bubble up to the front controller?
In my case the server should have answered 500 not 401

Was this page helpful?
0 / 5 - 0 ratings

Related issues

evaldoprestes picture evaldoprestes  路  3Comments

ndoulgeridis picture ndoulgeridis  路  3Comments

Cypaubr picture Cypaubr  路  5Comments

JuliusKoronci picture JuliusKoronci  路  4Comments

reducio picture reducio  路  4Comments