I'm working on a Symfony 6.2 project for an admin panel (for a mobile app). The project has these bundles:
- Sonata Admin 4.24
- Sonata User 5.9
- API Platform 3.1
- Lexik JWT Authentication 2.19
I have configured and installed the Sonata bundles and they work well. I have added API Platform, and it works well too. But since I need to perform some critical actions via the API endpoints, I added JWT Auth, and this is not working at all.
I have this configuration for my firewalls in security.yaml:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    admin:
        lazy: true
        pattern: /admin(.*)
        provider: sonata_user_bundle
        context: user
        form_login:
            login_path: sonata_user_admin_security_login
            check_path: sonata_user_admin_security_check
            default_target_path: sonata_admin_dashboard
        logout:
            path: sonata_user_admin_security_logout
            target: sonata_user_admin_security_login
        remember_me:
            secret: "%env(APP_SECRET)%"
            lifetime: 2629746
            path: /admin
    api:
        jwt: ~
        pattern: ^/api
        provider: sonata_user_bundle
        stateless: true
        json_login:
            check_path: /api/app_users/auth
            username_path: email
            password_path: password
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
And this in routes.yaml:
authentication_token:
    path: /api/app_users/auth
    methods: ['POST']
I can get a token via the /api/app_users/auth endpoint, like this:
But when I try to access other endpoints, I get this:
{"code":401,"message":"JWT Token not found"}
In Postman, I have added the bearer token; I have checked my tokens on jwt.io and they are signed.
I tried with this cURL command:
curl -v -X GET "http://localhost:8080/api/app_users" -H "Accept: application/ld+json" -H "Authorization: Bearer {eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE2ODYzMTE2MTEsImV4cCI6MTY4NzMxMTYxMCwicm9sZXMiOlsiUk9MRV9BRE1JTiIsIlJPTEVfU1VQRVJfQURNSU4iLCJST0xFX1VTRVIiXSwidXNlcm5hbWUiOiJ0ZXN0QGFkbWluLmNvbSJ9.Q0OBJSq4gxwR1Ud_sGFA4smZro_8kn6NguicOBjGPeJ3OwOQKblSkxUYnqVsPOAOGy0Up50umk0b-tYc2bxzBhyDkZiKalT1kvyAvOlyd_BXLFsYk4uyNhehyni4pwBG_-JKA2NSumRCVSnV1vg8AVDmMUUalksjuKfR9Lsqfu8D6PIBvFm_eLR4m9WrvDQbE7gC6dQJaJE6UR2syvhSO-2PZX1EmpP2Y3QHe05pq27YtEeQ9Dflr6rI0E0DuFWsuA2qhwPAtZZtlCgIr-aL2S5raMbdnbesg3d61GVf3Gz0IHBAqyUnK7tJW_z8o_w-uTLX5LpICoGQ-Ctp417kWA}" -H "Content-Type: application/ld+json"
But I get this response:
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /api/app_users HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.87.0
> Accept: application/ld+json
> Authorization: Bearer {eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE2ODYzMTE2MTEsImV4cCI6MTY4NzMxMTYxMCwicm9sZXMiOlsiUk9MRV9BRE1JTiIsIlJPTEVfU1VQRVJfQURNSU4iLCJST0xFX1VTRVIiXSwidXNlcm5hbWUiOiJ0ZXN0QGFkbWluLmNvbSJ9.Q0OBJSq4gxwR1Ud_sGFA4smZro_8kn6NguicOBjGPeJ3OwOQKblSkxUYnqVsPOAOGy0Up50umk0b-tYc2bxzBhyDkZiKalT1kvyAvOlyd_BXLFsYk4uyNhehyni4pwBG_-JKA2NSumRCVSnV1vg8AVDmMUUalksjuKfR9Lsqfu8D6PIBvFm_eLR4m9WrvDQbE7gC6dQJaJE6UR2syvhSO-2PZX1EmpP2Y3QHe05pq27YtEeQ9Dflr6rI0E0DuFWsuA2qhwPAtZZtlCgIr-aL2S5raMbdnbesg3d61GVf3Gz0IHBAqyUnK7tJW_z8o_w-uTLX5LpICoGQ-Ctp417kWA}
> Content-Type: application/ld+json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Date: Fri, 09 Jun 2023 12:04:54 GMT
< Server: Apache/2.4.56 (Debian)
< X-Powered-By: PHP/8.2.6
< WWW-Authenticate: Bearer
< Cache-Control: no-cache, private
< Link: <http://localhost:8080/api/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
< X-Debug-Token: 05c5c0
< X-Debug-Token-Link: http://localhost:8080/_profiler/05c5c0
< X-Robots-Tag: noindex
< Transfer-Encoding: chunked
< Content-Type: application/json
<
* Connection #0 to host localhost left intact
{"code":401,"message":"JWT Token not found"}
I have tried multiple things, like changing some settings in security.yaml, and I searched SO for help, but nothing is working right now.
It's my first time with JWT, so I have to admit I don't know where to start...
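As an added diagnostic example (not code from the question or from the bundles involved), the script below reproduces in Python the three stages a bearer token passes through before the application ever checks its signature: does an Authorization header reach the app at all, does it have the `Bearer <token>` shape the header extractor expects, and is the extracted token a syntactically valid JWT (three base64url segments). The extractor logic is an assumed re-implementation of how Lexik's header extractor splits on a single space and compares the prefix; the token is the one from the question, run once wrapped in braces as in the cURL command and once without. `parse_jwt_unverified` deliberately does not verify the signature; it only inspects what the server would see.

```python
"""Diagnose at which stage a bearer token fails before signature checking.

Added example; it is not part of the question or of Lexik JWT Authentication.
"""
import base64
import json
import re
from typing import Dict, Optional, Tuple

# Assumption: the header extractor splits the header value on a single space and
# requires exactly two parts with a case-insensitive "Bearer" prefix.
PREFIX = "Bearer"
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-]+$")  # base64url alphabet, no padding


def extract_bearer(headers: Dict[str, str]) -> Optional[str]:
    """Mimic the header extractor: return the raw token, or None if it is absent."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    parts = value.split(" ")
    if len(parts) != 2 or parts[0].lower() != PREFIX.lower():
        return None
    return parts[1]


def _b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, rejecting any character outside the alphabet."""
    if not SEGMENT_RE.match(segment):
        raise ValueError(f"segment is not base64url: {segment[:12]!r}...")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jwt_unverified(token: str) -> Tuple[dict, dict]:
    """Split a JWT and decode header and payload WITHOUT verifying the signature.

    Only for inspecting what the server would see; never use this for authentication.
    """
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(segments)}")
    header = json.loads(_b64url_decode(segments[0]))
    payload = json.loads(_b64url_decode(segments[1]))
    if not SEGMENT_RE.match(segments[2]):
        raise ValueError("signature segment is not base64url")
    return header, payload


def diagnose(headers: Dict[str, str]) -> str:
    """Return which stage of token handling fails, or an 'ok' message."""
    if not any(k.lower() == "authorization" for k in headers):
        return "no Authorization header reached the app (web server stripped it?)"
    token = extract_bearer(headers)
    if token is None:
        return "Authorization header present but not of the form 'Bearer <token>'"
    try:
        parse_jwt_unverified(token)
    except ValueError as exc:
        return f"token extracted but malformed JWT: {exc}"
    return "ok: token extracted and well-formed; next stage is signature/expiry check"


# Sample input: the token from the question (constructed here as one string).
TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9."
    "eyJpYXQiOjE2ODYzMTE2MTEsImV4cCI6MTY4NzMxMTYxMCwicm9sZXMiOlsiUk9MRV9BRE1JTiIsIlJPTEVfU1VQRVJfQURNSU4i"
    "LCJST0xFX1VTRVIiXSwidXNlcm5hbWUiOiJ0ZXN0QGFkbWluLmNvbSJ9."
    "Q0OBJSq4gxwR1Ud_sGFA4smZro_8kn6NguicOBjGPeJ3OwOQKblSkxUYnqVsPOAOGy0Up50umk0b-tYc2bxzBhyDkZiKalT1kvyAvOlyd_"
    "BXLFsYk4uyNhehyni4pwBG_-JKA2NSumRCVSnV1vg8AVDmMUUalksjuKfR9Lsqfu8D6PIBvFm_eLR4m9WrvDQbE7gC6dQJaJE6UR2syvhSO-"
    "2PZX1EmpP2Y3QHe05pq27YtEeQ9Dflr6rI0E0DuFWsuA2qhwPAtZZtlCgIr-aL2S5raMbdnbesg3d61GVf3Gz0IHBAqyUnK7tJW_z8o_w-"
    "uTLX5LpICoGQ-Ctp417kWA"
)

if __name__ == "__main__":
    cases = [
        ("header stripped", {"Accept": "application/ld+json"}),
        ("braces around token", {"Authorization": "Bearer {" + TOKEN + "}"}),
        ("correct", {"Authorization": "Bearer " + TOKEN}),
    ]
    for name, hdrs in cases:
        print(f"{name:20s} -> {diagnose(hdrs)}")
    header, payload = parse_jwt_unverified(TOKEN)
    print(header["alg"], payload["username"], payload["roles"])
```

Two things follow from running it. "JWT Token not found" is the message Lexik's authenticator raises when the extractor yields nothing, i.e. stage 1 or 2 above, so the token's contents are not yet being looked at; when an app runs behind Apache with PHP, as the response headers here show, it is worth checking that the Authorization header is actually forwarded to PHP (Symfony's apache-pack `.htaccess` does this with a RewriteRule that copies it into `HTTP_AUTHORIZATION`). Separately, the braces around the token in the cURL command would fail at stage 3 once the header does arrive, with a different error.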