401 Bad credentials [lexik/JWTBundle]

Question

I am building an API. When I create a user I receive a token. But when I change the information of my user can not reconnect and I receive the 401 error code with the message Bad credentials. How to solve the problem, please?

I use FOSRestBundle, lexikJWTAuthenticator and NelmioCORSBundle

# security.yaml

security:
    encoders:
        App\Entity\User:
            algorithm: argon2i

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    firewalls:

        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        signup:
            pattern: ^/api/signup
            stateless: true
            anonymous: true

        signin:
            pattern: ^/api/signin
            stateless: true
            anonymous: true
            json_login: 
                check_path: /api/signin
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        main:
            anonymous: true

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/signin, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: GET }
        # - { path: ^/api, roles: IS_AUTHENTICATED_FULLY, methods: [PUT, DELETE, POST] }
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

# lexik_jwt_authentication.yaml

lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl: 3600

Thanks

score 0 · Answer 1 · answered Jun 07 '19 at 05:36

0

Try to regenerate the SSH keys again

here is the link LexikJWT Generate the SSH keys

and make sure about your pass_phrase in Configuration

answered Jun 07 '19 at 05:36

habibun

1,552
2
14
29

what web server you are using? – habibun Jun 07 '19 at 10:29
I am on Symfony server with bin/console server:run – Freezer Jun 07 '19 at 11:36
did you tried using postman or other tools not in the browser because I am guessing the problem may occur from headers because the browser automatically pass some headers so u may try some other tool to check API – habibun Jun 07 '19 at 11:51
I use postman and curl for test my API, sorry i have forgot to specify it – Freezer Jun 07 '19 at 12:08

score -1 · Answer 2 · answered Jun 09 '19 at 16:05

-1

Did you try yo regenerate your token, or you get a 401 with your new token. If you changed the user information you should reconnect and get a new token

answered Jun 09 '19 at 16:05

A. Ecrubit

561
6
20

401 Bad credentials [lexik/JWTBundle]

2 Answers2