Lexikjwtauthenticationbundle: Private key "/var/www/html/authenti/app/var/jwt/private.pem" does not exist or is not readable

Created on 14 Jul 2017  路  12Comments  路  Source: lexik/LexikJWTAuthenticationBundle

Hello ,
I have this error when I generate token :+1:

Private key "/var/www/html/authenti/app/var/jwt/private.pem" does not exist or is not readable. Did you correctly set the "lexik_jwt_authentication.private_key_path" parameter?

code config.yml:

`imports:
- { resource: parameters.yml }
- { resource: security.yml }
- { resource: services.yml }
- { resource: "@MedBundle/Resources/config/services.yml" }

# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: en

framework:
    secret:          "%secret%"
    csrf_protection: ~
    form: ~
    session:
        handler_id: ~
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: AppBundle\Entity\User
    from_email:
        address: "[email protected]"
        sender_name: "Demo String"
    service:
        mailer: fos_user.mailer.twig_swift

lexik_jwt_authentication:
    private_key_path: %jwt_private_key_path%
    public_key_path:  %jwt_public_key_path%
    pass_phrase:      %jwt_key_pass_phrase%
    token_ttl:        %jwt_token_ttl%

nelmio_cors:
    defaults:
        allow_origin:   ["%cors_allow_origin%"]
        allow_methods:  ["POST", "PUT", "GET", "DELETE", "OPTIONS"]
        allow_headers:  ["content-type", "authorization"]
        expose_headers: ["link"]
        max_age:       3600
    paths:
        '^/': ~
# Doctrine Configuration
doctrine:
    dbal:
        driver: pdo_mysql
        host: '%database_host%'
        port: '%database_port%'
        dbname: '%database_name%'
        user: '%database_user%'
        password: '%database_password%'
        charset: UTF8
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #     e.g. database_path: '%kernel.root_dir%/data/data.db3'
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #path: '%database_path%'

    orm:
        auto_generate_proxy_classes: '%kernel.debug%'
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: '%mailer_transport%'
    host: '%mailer_host%'
    username: '%mailer_user%'
    password: '%mailer_password%'
    spool: { type: memory }

fos_rest:
    view:
        view_response_listener: 'force'
        formats:
            json: true
    format_listener:
        rules:
            - { path: '^/api', priorities: ['json'], fallback_format: json, prefer_extension: true }
            - { path: '^/', stop: true }

`
code security.yml:

`security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        api:
            pattern: ^/api
            stateless: true
            lexik_jwt:
                authorization_header:
                    enabled: true
                    prefix: Bearer
                query_parameter:
                    enabled: true
                    name: bearer
                throw_exceptions: false
                create_entry_point: true

        main:
            pattern: ^/
            provider: fos_userbundle
            stateless: true
            form_login: 
                check_path: /login_check
                username_parameter: username
                password_parameter: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
            logout: true
            anonymous: true


    access_control:
        - { path: ^/api, role: IS_AUTHENTICATED_FULLY }

`

code parameters.yml:

`# This file is auto-generated during the composer install
parameters:
database_host: 127.0.0.1
database_port: null
database_name: symfony
database_user: root
database_password: root
mailer_transport: smtp
mailer_host: 127.0.0.1
mailer_user: null
mailer_password: null
jwt_private_key_path: %kernel.root_dir%/var/jwt/private.pem
jwt_public_key_path: %kernel.root_dir%/var/jwt/public.pem
jwt_key_pass_phrase : ''
jwt_token_ttl: 3600

    cors_allow_origin: http://localhost:9000

    secret: ThisTokenIsNotSoSecretChangeIt

`

how to resolve this bug !

Support

Most helpful comment

My solution change directory permission. I used bottom comand.
sudo chmod -R 777 config/jwt

More secure with 600 or 644:
chmod -R 644 config/jwt/*

All 12 comments

yes I generate my keys

then please paste the content of /var/www/html/authenti/app/var/jwt/public.pem

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAydPKCy+2W4nRMECk/Va/
WTQC6KCVVwUfAvXygQvODDm5qFObJ2zgJE+ulUbqoDAnV/RUKV6Zmb18UTcab2Gz
xu/LK2y5iVr1AZz/E6/KsYf9Ws2QNSmAeXINArqfuwX/IgtD/YcJwhlhflD1VbF6
wTmimpz1x0roVgGaWK9ZVHPEL8fc0uGtKlCkFOmWlGKVnSROeM0Ypu3vsev8afMu
2CIb/b5Ihql9D0uYej9pCqhefBKnIhLjADTVkeMEyPW4FlDdQSBUJqYmaVeqjmrJ
JP1VCsNgy17IFu3EVqqM+XIqYkRd9VBDk6yRk8IIya7whB3eQk6n7uVBI1NxXTV+
1OQw1lkNNICHBzjJgwQ0dA3eyZEZTY74BMGKOtilJvevuJSP5F/3yHWuf4yqPBa+
cG+O/j0PjlUajwglL16vcaA1RO+V8IT/zmFD1k5lw6FNuL3WWZ6sPDFomZma75Bx
BhaVQYN6YKbNcGEweT71QGub/7GGpJ9datER/rv2i6gyjo4M7J++mrMxUeiSDrD2
RUEr/GifeRZO+MnKqYEV2v32HJppwn87SVXJzc0QFfydQnQdgC/I+Bfk4M6XKffD
giidw9ER/Xd2ED/QfpnnZBALWdIn1bAT+RERdwrlneH5TweeUt2HItbLC9O+laLu
rykLDZLE23hxRbXvF17sbYsCAwEAAQ==
-----END PUBLIC KEY-----

Keys (at least the private one) seem to not be readable by your application. Please check your permissions, try a simple file_get_contents of the path and fix it accordingly. This is not a bug, but a support issue

with commande ls-l have this response:

-rwxrwxrwx 1 root root 3326 14 13:56 private.pem
-rwxrwxrwx 1 root root 800 14 13:56 public.pem

how to use file_get_contents !! in controller ??

and this is security.yml:

`security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    api:
        pattern: ^/api
        stateless: true
        lexik_jwt:
            authorization_header:
                enabled: true
                prefix: Bearer
            query_parameter:
                enabled: true
                name: bearer
            throw_exceptions: false
            create_entry_point: true

    main:
        pattern: ^/
        provider: fos_userbundle
        stateless: true
        form_login: 
            check_path: /login_check
            username_parameter: _username
            password_parameter: _password
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
            require_previous_session: false
        logout: true
        anonymous: true


access_control:
    - { path: ^/api, role: IS_AUTHENTICATED_FULLY }

`

I'm sorry but I won't be able to help here, there is a problem is your setup. My guess is that you did generate the keys in /var/www/html/authenti/var/jwt/*.pem but that you're trying to load them from /var/www/html/authenti/app/var/jwt/*.pem (extra app/), or the inverse. If your issue persists, please try to install https://github.com/chalasr/lexik-jwt-authentication-sandbox to see if it works, if it doesn't the problem comes from your server.

thanks men I resolve Bug

My solution change directory permission. I used bottom comand.
sudo chmod -R 777 config/jwt

My solution change directory permission. I used bottom comand.
sudo chmod -R 777 config/jwt

More secure with 600 or 644:
chmod -R 644 config/jwt/*

My solution change directory permission. I used bottom comand.
sudo chmod -R 777 config/jwt

More secure with 600 or 644:
chmod -R 644 config/jwt/*

This command is no correct, -R flag = recursion, so '/*' is not valid. Instand of use:
chmod -R 644 config/jwt

Was this page helpful?
0 / 5 - 0 ratings