Lexikjwtauthenticationbundle: Unable to load an user with property \"username\" = \"xxxx\". If the user identity has changed, you must renew the token. Otherwise, verify that the \"lexik_jwt_authentication.user_identity_field\" config option is correctly set.

Created on 22 Mar 2019  路  4Comments  路  Source: lexik/LexikJWTAuthenticationBundle

I am using JWT with Symfony. Any assitance will be appreciated.
Symfony Version: Symfony 3.4.23 (kernel: app, env: dev, debug: true)
JWT Version: "lexik/jwt-authentication-bundle": "^2.6",
JWT Token Created:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE1NTMyNjMwMDcsImV4cCI6MTU1NTg1NTAwNywidXNlcm5hbWUiOiJrYW1yYW4ifQ.OmAGR_ogFjhvEuC74nlOCA2-a0bJ8D7UQKB3GoKCsMI_ySInbOxmGLQ8uFpeLA8MuGd8M8X0JG0f2B6f9ALtq-YNOLx2hBHlEXb3m0v-xEezHlt1PrVD_TlRP9V1oayVzgiDyID0eB_RQIGI8XHm3epbYulhtRDn84Ao3R7LOQsKTsltLerOFEKTh7vfAJvomspq_upbtN3tiW_ybPjqNsf-pqqsJFhIFIu2Ayruo1jhrsdkM_bgF1MpaZfcWriBapRSPjqlhrqMRjhc3olx79D_9wtHH6VoHvzlvpICX13YqD90CgsGBkoqxBdhPElUqeq0n1p93Y_bzMThs8RZfFzGXSkdEU-OJVrG3_og0LaNzkVBD8QQ8IWRz5URq8T8L-yatSuO8Y-kDnxj6OaDys2kshg6h9DZ3F1LdY7zjEarBp7J8Ye6LMQwvresDCMlACfKNuDbu9nvNq_wraI_wvUz01oVn6noQRcD-B7bUpl2Q4Gj2Ow3TX6TwIiQQRrh1ysKJQ-PDS-odAxRV-EhAVBFn4cs34vywAD51AhOGBGA5J0hrozI3tB3FBxQOaOj0fELKU4JmQ5caWQmPA2buuNQbI2PPqgzQXQ3vdMBR0_9Ru-2b3Gs2BwIX6DC6E6Wkth4UdiUMKhckMFmi0eZmrIsUs3Ur_-0uQYBURcpijE

Error when sending request with JWT token in headers:
{ "code": 401, "message": "Unable to load an user with property \"username\" = \"kamran\". If the user identity has changed, you must renew the token. Otherwise, verify that the \"lexik_jwt_authentication.user_identity_field\" config option is correctly set." }

security.yml
security:

encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    in_memory:
        memory: ~

    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login:
        pattern:  ^/api/login
        stateless: true
        anonymous: true
        json_login:
            check_path:               /api/login_check
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure

    api_doc:
        pattern:  ^/api/doc
        stateless: true
        anonymous: true

    api:
        pattern:   ^/api
        stateless: true
        guard:
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator

    main:
        pattern: ^/
        user_checker: security.user_checker
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager

        logout:       true
        anonymous:    true

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }`

config.yml:

`nelmio_api_doc:

documentation:
    host: '%site_host%'
    schemes: '%nelmio_api_scheme%'
    info:
        title: 4Art API
        description: This API is for 4Art Mobile App.
        version: 0.0.1
    securityDefinitions:
        Bearer:
            type: apiKey
            description: 'Value: Bearer {jwt}'
            name: Authorization
            in: header
    security:
        - Bearer: []
areas:
    default:
        path_patterns: [ ^/api ]

fos_user:

db_driver: orm # other valid values are 'mongodb' and 'couchdb'
firewall_name: main
user_class: AppBundle\Entity\User
from_email:
    address: "%mailer_user%"
    sender_name: "%mailer_user%"

lexik_jwt_authentication:

secret_key: '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
public_key: '%kernel.project_dir%/config/jwt/public.pem'  # required for token verification
pass_phrase: '%pass_phrase%' # required for token creation, usage of an environment variable is recommended
token_ttl:  '%token_ttl%'
user_identity_field: username
token_extractors:
    # look for a token as Authorization Header
    authorization_header:
        enabled: true
        prefix:  Bearer
        name:    Authorization
    # check token in a cookie
    cookie:
        enabled: false
    # check token in query string parameter
    query_parameter:
        enabled: false`
Support

Most helpful comment

I had the same error. The problem for me was in my provider in my security.yaml file. I defined my provider's property on 'email', except that JWT was trying to authentificate the user based on the username link to the token, not on the email.
Hence, changing

providers:
        users_in_database:
            entity:
                class: 'App\Entity\User'
                property: 'email'

to

providers:
        users_in_database:
            entity:
                class: 'App\Entity\User'
                property: 'username'

in my security.yaml file solved the problem for me

All 4 comments

The authenticator is probably trying to load your user from the in-memory provider, as you don't specify the provider to use on the firewall secured by JWT (and you find a deprecation notice in your profiler panel as you're relying on the fact that the security bundle takes the first provider configured by default if none is specified for the firewall, which won't be the case in Symfony 5.0).
You should add provider: fos_userbundle to your api firewall.
Closing here, please tell us if it doesn't help so we can consider to reopen.

Hello , I have the same error , I use two provider. is it possible with lexik_jwt on the same pattern ? thank

Did somebody solve the issue?

I had the same error. The problem for me was in my provider in my security.yaml file. I defined my provider's property on 'email', except that JWT was trying to authentificate the user based on the username link to the token, not on the email.
Hence, changing

providers:
        users_in_database:
            entity:
                class: 'App\Entity\User'
                property: 'email'

to

providers:
        users_in_database:
            entity:
                class: 'App\Entity\User'
                property: 'username'

in my security.yaml file solved the problem for me

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Walkoss picture Walkoss  路  4Comments

tahina4 picture tahina4  路  4Comments

reducio picture reducio  路  4Comments

hiromik picture hiromik  路  3Comments

JuliusKoronci picture JuliusKoronci  路  4Comments