I am using JWT with Symfony. Any assitance will be appreciated.
Symfony Version: Symfony 3.4.23 (kernel: app, env: dev, debug: true)
JWT Version: "lexik/jwt-authentication-bundle": "^2.6",
JWT Token Created:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE1NTMyNjMwMDcsImV4cCI6MTU1NTg1NTAwNywidXNlcm5hbWUiOiJrYW1yYW4ifQ.OmAGR_ogFjhvEuC74nlOCA2-a0bJ8D7UQKB3GoKCsMI_ySInbOxmGLQ8uFpeLA8MuGd8M8X0JG0f2B6f9ALtq-YNOLx2hBHlEXb3m0v-xEezHlt1PrVD_TlRP9V1oayVzgiDyID0eB_RQIGI8XHm3epbYulhtRDn84Ao3R7LOQsKTsltLerOFEKTh7vfAJvomspq_upbtN3tiW_ybPjqNsf-pqqsJFhIFIu2Ayruo1jhrsdkM_bgF1MpaZfcWriBapRSPjqlhrqMRjhc3olx79D_9wtHH6VoHvzlvpICX13YqD90CgsGBkoqxBdhPElUqeq0n1p93Y_bzMThs8RZfFzGXSkdEU-OJVrG3_og0LaNzkVBD8QQ8IWRz5URq8T8L-yatSuO8Y-kDnxj6OaDys2kshg6h9DZ3F1LdY7zjEarBp7J8Ye6LMQwvresDCMlACfKNuDbu9nvNq_wraI_wvUz01oVn6noQRcD-B7bUpl2Q4Gj2Ow3TX6TwIiQQRrh1ysKJQ-PDS-odAxRV-EhAVBFn4cs34vywAD51AhOGBGA5J0hrozI3tB3FBxQOaOj0fELKU4JmQ5caWQmPA2buuNQbI2PPqgzQXQ3vdMBR0_9Ru-2b3Gs2BwIX6DC6E6Wkth4UdiUMKhckMFmi0eZmrIsUs3Ur_-0uQYBURcpijE
Error when sending request with JWT token in headers:
{
"code": 401,
"message": "Unable to load an user with property \"username\" = \"kamran\". If the user identity has changed, you must renew the token. Otherwise, verify that the \"lexik_jwt_authentication.user_identity_field\" config option is correctly set."
}
security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
in_memory:
memory: ~
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api_doc:
pattern: ^/api/doc
stateless: true
anonymous: true
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
pattern: ^/
user_checker: security.user_checker
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }`
config.yml:
`nelmio_api_doc:
documentation:
host: '%site_host%'
schemes: '%nelmio_api_scheme%'
info:
title: 4Art API
description: This API is for 4Art Mobile App.
version: 0.0.1
securityDefinitions:
Bearer:
type: apiKey
description: 'Value: Bearer {jwt}'
name: Authorization
in: header
security:
- Bearer: []
areas:
default:
path_patterns: [ ^/api ]
fos_user:
db_driver: orm # other valid values are 'mongodb' and 'couchdb'
firewall_name: main
user_class: AppBundle\Entity\User
from_email:
address: "%mailer_user%"
sender_name: "%mailer_user%"
lexik_jwt_authentication:
secret_key: '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
public_key: '%kernel.project_dir%/config/jwt/public.pem' # required for token verification
pass_phrase: '%pass_phrase%' # required for token creation, usage of an environment variable is recommended
token_ttl: '%token_ttl%'
user_identity_field: username
token_extractors:
# look for a token as Authorization Header
authorization_header:
enabled: true
prefix: Bearer
name: Authorization
# check token in a cookie
cookie:
enabled: false
# check token in query string parameter
query_parameter:
enabled: false`
The authenticator is probably trying to load your user from the in-memory provider, as you don't specify the provider to use on the firewall secured by JWT (and you find a deprecation notice in your profiler panel as you're relying on the fact that the security bundle takes the first provider configured by default if none is specified for the firewall, which won't be the case in Symfony 5.0).
You should add provider: fos_userbundle to your api firewall.
Closing here, please tell us if it doesn't help so we can consider to reopen.
Hello , I have the same error , I use two provider. is it possible with lexik_jwt on the same pattern ? thank
Did somebody solve the issue?
I had the same error. The problem for me was in my provider in my security.yaml file. I defined my provider's property on 'email', except that JWT was trying to authentificate the user based on the username link to the token, not on the email.
Hence, changing
providers:
users_in_database:
entity:
class: 'App\Entity\User'
property: 'email'
to
providers:
users_in_database:
entity:
class: 'App\Entity\User'
property: 'username'
in my security.yaml file solved the problem for me
Most helpful comment
I had the same error. The problem for me was in my provider in my security.yaml file. I defined my provider's property on 'email', except that JWT was trying to authentificate the user based on the username link to the token, not on the email.
Hence, changing
to
in my security.yaml file solved the problem for me