
I implemented a Symfony backend with authentication via the Lexik bundle. Everything is working as expected. If I send a request to my /authentication_token endpoint, I get a token and a refresh token. With this token I am able to access protected routes. Now I want my backend to extract the token from a cookie. I set the Lexik config like this:

lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'

    token_extractors:
        authorization_header:
            enabled: false
            prefix:  Bearer
            name:    Authorization
        cookie:
            enabled: true
            name:    Bearer

Also, because I set authorization_header to false, authentication is not working with the Authorization header anymore (as expected). But the backend does not access the token from the cookie. I set up a Vue application that sets a cookie with the name "Bearer". The value is a hard-defined token value I created manually. But I still get a 401 (unauthorized) response. Does anyone have experience with this? It would help me a lot :)

Jan Wolfram
  • I would debug whether the cookie arrives in the bundle and is processed. Otherwise, nothing looks wrong at first. – Hans FooBar Apr 22 '23 at 20:38
  • Did you find a solution? I am experiencing the exact same issue, with the exact same setup as you mentioned in the post. – Tomas Apr 30 '23 at 22:17
  • @Tomas yes I did. The cookie extractor was working as expected. I tried sending the cookie with Postman and it worked. After that I looked deeper into the error in Vue. The real error for me was not because of being unauthorized. I am having a CORS error when sending the cookie from my Vue frontend to the Symfony backend. Fixing that CORS issue should solve the problem. – Jan Wolfram May 01 '23 at 05:14
  • Ah perfect, thank you @JanWolfram! I started debugging that and found the issue. Not the same issue but helped me look in the right spot. For me the issue was that the route was not configured to require authorisation ;) – Tomas May 04 '23 at 10:33

0 Answers
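The CORS cause identified in the comments, as an added example that is not part of the original thread: when a cross-origin request carries cookies, the browser only exposes the response if the server names the exact page origin and sets `Access-Control-Allow-Credentials: true`. The function name, the origin and the header sets below are constructed for illustration.

```javascript
// Added example: checks the response headers a browser requires before it
// exposes a cross-origin response to a request sent with cookies
// (fetch credentials: "include" / XHR withCredentials = true).
// checkCredentialedCors is a hypothetical helper, not part of any library.
function checkCredentialedCors(pageOrigin, headers, preflight = null) {
  // Header names are case-insensitive; normalise once.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("missing Access-Control-Allow-Origin");
  } else if (allowOrigin === "*") {
    problems.push("Access-Control-Allow-Origin is '*', not allowed with credentials");
  } else if (allowOrigin !== pageOrigin) {
    problems.push(`Access-Control-Allow-Origin '${allowOrigin}' does not match '${pageOrigin}'`);
  }

  // Must be the exact, case-sensitive string "true".
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not 'true'");
  }

  // Preflight only: requestHeaders are the names the browser sent in
  // Access-Control-Request-Headers. With credentials, '*' in
  // Access-Control-Allow-Headers is a literal name, not a wildcard.
  if (preflight) {
    const allowed = (h["access-control-allow-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
    for (const name of preflight.requestHeaders) {
      if (!allowed.includes(name.toLowerCase())) {
        problems.push(`request header '${name}' not listed in Access-Control-Allow-Headers`);
      }
    }
  }
  return problems;
}

// Constructed samples: a frontend dev-server origin calling the API.
const origin = "http://localhost:8080";
const wildcard = { "Access-Control-Allow-Origin": "*" };
const fixed = {
  "Access-Control-Allow-Origin": origin,
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "Content-Type",
};
console.log(checkCredentialedCors(origin, wildcard));
console.log(checkCredentialedCors(origin, fixed, { requestHeaders: ["Content-Type"] }));
```

An empty array means the headers satisfy the browser's credentialed-CORS checks; a tool such as Postman does not enforce these checks, which is why the same cookie can work there and fail from the frontend.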