Lexikjwtauthenticationbundle: "Bad credentials" after the first login_check

Created on 16 Oct 2014  路  16Comments  路  Source: lexik/LexikJWTAuthenticationBundle

Hi,

I'm trying to use this Bundle with FOSUserBundle.

When I call /api/login_check, the JWT is generated, but if I do it a second call with the same username and the same password I have a :

{
    code: 401
    message: "Bad credentials"
}

And at every call to other api route I have a :

{
    code: 401
    message: "Invalid credentials"
}

I already use this bundle on an other app without FOSUser and it's works fine.

Bad config ? Thanks.

Most helpful comment

Use _username and _password as POST parameters. After some debuging, I found that those values are the default ones to use.

All 16 comments

Hi @brunonic I see you closed this issue, did you find the source of the problem ?

Yes, or not. The issue was misspoke.

The first problem is resolved, cause of a mistake. But the "Invalid credentials" on each call, no.

In the database, the last_login value of my user is updated but if I look the profiler, the user is never logged. No security token generated.

Don't know if it's an issue for your Bundle or FOSUB... Sorry

No problem, let us know if you find a bug in the integration with FOSUserBundle !

Hello, did you find a solution please ?

Hi, could it be related to #49 ?

Hi, I tried to add the provider; the token is generated and I find the authorization header but with 401 "You are not authenticated".
this is my security.yml file:

encoders:
    FOS\UserBundle\Model\UserInterface: sha512

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_API:         ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

providers:
    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    login:
        pattern:  ^/api/login
        provider: fos_userbundle
        stateless: true  
        anonymous: true
        form_login:
            check_path:     fos_user_security_check
            require_previous_session: false
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure

    api:
        pattern:   ^/api
        stateless: true
        provider: fos_userbundle
        lexik_jwt: 
            authorization_header: 
                enabled: true
                prefix:  Bearer
            query_parameter:      
                enabled: true
                name:    bearer
            throw_exceptions:        false   
            create_entry_point:      true                    


access_control:
    - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api,       roles: [IS_AUTHENTICATED_FULLY]}

Hi,
the probleme was :
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(._)
RewriteRule ._ - [e=HTTP_AUTHORIZATION:%1]
SHOULD BE in Virtualhost tag, NOT in Directory tag.
thank you :)

I have similar problem, use curl get "401 Bad credentials", But with phpunit it works, get token.
what is the problem?

Hi @shawnriis, could you paste your curl command here?

This is my curl command:
curl -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"user":"user", "pass":"password"}' 'http://dmsapi/api/login_check'
I get:
{"code":401,"message":"Bad credentials"}
It works with same settings in previous project with Symfony 2.8 + lexik/jwt-authentication-bundle 1.6/2.0
Currently Symfony 3.1 + lexik/jwt-authentication-bundle 2.0.
While with phpunit:
Client::request('POST', '/api/login_check', array('user' => 'user', 'pass' => 'password'))
can get Token.
@chalasr could you help?

I have the same issue here with Symfony 3 and FOS User Bundle.

I have same issue please help?

Use _username and _password as POST parameters. After some debuging, I found that those values are the default ones to use.

I was struggling with the same issue for hours. I realized I didn't setup apache virtual host correctly. So I added

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

and it worked fine.

https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md#configuration

I had the same issue, the solution for me was json_login instead of form_login in security.yml

Don't forget to enable the user after registration. I solved my problem like that.

Was this page helpful?
0 / 5 - 0 ratings