
I have a problem with my JWT token authentication. I am pretty new to Symfony. If I add a user provider for my User entity, the token authentication stops working: a token in the header is no longer needed, so there is access to anything. But if I remove the user provider, I get this message on every second request, while the other requests work fine with the token:

There is no user provider for user "AppBundle\Entity\TbluserBase".

Can someone help me, please, or suggest some tutorials for this problem? I think I am missing something, or have to change something, in my security file.

JWT Authenticator

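/**
 * Guard authenticator that identifies the caller from a JWT sent as
 * "Authorization: Bearer <token>".
 *
 * The token is the only credential: checkCredentials() accepts whatever user
 * getUser() resolved, so all trust rests on the encoder's decode() rejecting
 * tokens it cannot verify.
 *
 * NOTE(review): whether an authenticated user is kept in the session between
 * requests is decided by the firewall configuration, not by this class. For an
 * API that expects a token on every request, confirm the firewall is stateless.
 */
class JWT_Authenticator extends AbstractGuardAuthenticator
{
    private $Entity_Manager;
    private $JWT_Encoder;

    /**
     * @param EntityManager  $em          used to look the user up by nickname
     * @param DefaultEncoder $jwt_Encoder used to decode the bearer token
     */
    public function __construct(EntityManager $em, DefaultEncoder $jwt_Encoder)
    {
        $this->Entity_Manager = $em;
        $this->JWT_Encoder = $jwt_Encoder;
    }

    /**
     * Response for a request that needs authentication but carried none.
     *
     * @return JsonResponse 401 with a fixed error body
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        return new JsonResponse(['error' => 'Auth header required'], 401);
    }

    /**
     * Pulls the bearer token out of the Authorization header.
     *
     * @return string|null the raw token, or null when the header is absent or
     *                     holds no bearer token
     */
    public function getCredentials(Request $request)
    {
        if (!$request->headers->has('Authorization')) {
            return null;
        }

        $extractor = new AuthorizationHeaderTokenExtractor('Bearer', 'Authorization');
        $token = $extractor->extract($request);

        return $token ?: null;
    }

    /**
     * Decodes the token and loads the matching TbluserBase entity.
     *
     * The lookup goes through the entity manager directly; $user_Provider is
     * not consulted.
     *
     * @param string $credentials the token returned by getCredentials()
     *
     * @return object|null the user entity, or null when the token does not
     *                     decode, carries no usable "usrnickname" claim, or no
     *                     such user exists
     */
    public function getUser($credentials, UserProviderInterface $user_Provider)
    {
        // NOTE(review): a falsy return is treated as "invalid token". Depending on
        // the encoder version, failure may be signalled by an exception instead;
        // confirm, and make sure a bad token ends in a 401 rather than an
        // uncaught exception.
        $data = $this->JWT_Encoder->decode($credentials);
        if (!is_array($data)) {
            return null;
        }

        // Refuse a token without a usable nickname claim. Without this check a
        // missing claim becomes null and the query below would search for a
        // user whose nickname is NULL.
        if (!isset($data['usrnickname']) || !is_scalar($data['usrnickname']) || $data['usrnickname'] === '') {
            return null;
        }

        $user = $this->Entity_Manager
            ->getRepository('AppBundle:TbluserBase')
            ->findOneBy(['usrnickname' => $data['usrnickname']]);

        return $user ?: null;
    }

    /**
     * Always true: there is no second factor to check once the token decoded
     * and the user was found.
     */
    public function checkCredentials($credentials, UserInterface $user)
    {
        return true;
    }

    /**
     * Reports a failed authentication as a 401 JSON response.
     *
     * NOTE(review): the raw exception message is returned to the client;
     * confirm it cannot carry internal detail.
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new JsonResponse(['message' => $exception->getMessage()], 401);
    }

    /**
     * Returns nothing, so no response is produced here on success.
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        return null;
    }

    /**
     * Remember-me is not offered by this authenticator.
     */
    public function supportsRememberMe()
    {
        return false;
    }
}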

Security

# Symfony security configuration: password encoders, user providers,
# firewalls and access rules.
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 15
        FOS\UserBundle\Model\UserInterface:
            algorithm: bcrypt
            cost: 15
        AppBundle\Entity\TbluserBase:
            algorithm: bcrypt
            cost: 15
        harsh:
            algorithm: bcrypt
            cost: 15
    # http://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        # NOTE(review): two providers are declared and no firewall below names
        # one with `provider:`. Which provider each firewall gets then depends
        # on Symfony's default for the version in use - confirm, or set it
        # explicitly per firewall.
        in_memory:
            memory: ~
        base_users:
            id: app.user_provider
    firewalls:
        # Matches every path under /api/ except those beginning with
        # /api/Get_Token (negative lookahead); the excluded paths fall through
        # to `main`.
        # NOTE(review): `stateless: true` is not set here. A firewall that is
        # not stateless keeps the authenticated user in the session, so a later
        # request carrying the session cookie can be accepted without a token.
        # That would fit the behaviour described in the question - confirm.
        api:
            pattern: ^/api/(?!Get_Token)
            guard:
                authenticators:
                    - app.jwt_token_authenticator
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # No pattern: handles every request the firewalls above did not match,
        # with anonymous access and HTTP basic both enabled.
        main:
            anonymous: ~
            http_basic: ~
            # activate different ways to authenticate

            # http://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            #http_basic: ~

            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            #form_login: ~
    # Rules are tried top to bottom; the first matching path decides.
    access_control:
        # NOTE(review): `path` is a regular expression and this one is not
        # anchored, so it matches any URL containing /api/Get_Token, not only
        # the token endpoint. Consider anchoring it, e.g. ^/api/Get_Token$.
        - { path: /api/Get_Token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # NOTE(review): two roles are listed; presumably holding either one is
        # enough under the default voting strategy - confirm that is intended.
        - { path: ^/api, roles: [ROLE_USER, ROLE_API_USER] }

Services

# Service definitions for the custom user provider and the JWT guard
# authenticator referenced from the security configuration.
parameters:
    #parameter_name: value

services:
    # Declared without arguments, so the provider receives no entity manager or
    # other storage access through its constructor.
    app.user_provider:
        class: AppBundle\Security\UserBaseProvider
    # Receives the Doctrine entity manager and the default JWT encoder service.
    app.jwt_token_authenticator:
        class: AppBundle\Security\JWT_Authenticator
        arguments: ['@doctrine.orm.entity_manager', '@lexik_jwt_authentication.encoder.default']
        #service_name:
    #    class: AppBundle\Directory\ClassName
    #    arguments: ['@another_service_name', 'plain_value', '%parameter_name%']

User Provider

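/**
 * User provider for AppBundle\Entity\TbluserBase.
 *
 * NOTE(review): as written this provider never consults storage. It builds a
 * user for any name it is given and hands a session-restored user back
 * unchanged, so it cannot tell an existing account from a non-existent,
 * deleted or disabled one. Loading and re-loading from the database would
 * require injecting a repository or entity manager, which this class does not
 * receive.
 */
class UserBaseProvider implements UserProviderInterface
{
    /**
     * Returns a new, unpersisted TbluserBase carrying the given nickname.
     *
     * NOTE(review): no lookup is performed, so every username "exists" from the
     * caller's point of view.
     *
     * @param string $username
     *
     * @return TbluserBase
     */
    public function loadUserByUsername($username)
    {
        $user = new TbluserBase();
        $user->setUsrnickname($username);

        return $user;
    }

    /**
     * Returns the given user object as-is.
     *
     * NOTE(review): the user is not re-read from storage, so changes made to
     * the account after it was first authenticated are not picked up here.
     *
     * @return UserInterface
     */
    public function refreshUser(UserInterface $user)
    {
        return $user;
    }

    /**
     * Tells the security layer whether this provider handles the given class.
     *
     * @param string $class fully qualified class name
     *
     * @return bool true for TbluserBase and for classes extending it
     */
    public function supportsClass($class)
    {
        // Strict comparison; subclasses (for example generated proxy classes)
        // are accepted as well.
        return $class === 'AppBundle\Entity\TbluserBase'
            || is_subclass_of($class, 'AppBundle\Entity\TbluserBase');
    }
}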

I worked with these tutorials:

https://kolabdigital.com/lab-time/symfony-json-web-tokens-authentication-guard

https://de.slideshare.net/weaverryan/symfony-guard-authentication-fun-with-api-token-social-login-jwt-and-more

WilliDh