
I am building an OAuth2 server, but I always get a 401 Unauthorized error when I pass the JWT token to the OAuth2 server. My Symfony app version is 6.3.

security.yml

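security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
    firewalls:
        # Firewalls are tried top to bottom and the first matching pattern handles the
        # request, so the narrow patterns have to stay above the broader ones.

        # Security is switched off entirely for /api/token.
        # NOTE(review): access_control below opens ^/token, not ^/api/token. Confirm which
        # path the token endpoint is really routed at; if it is /token, this firewall never
        # matches it and the request is handled by `main` instead.
        api_token:
            pattern: '^/api/token$'
            security: false
        # Stateless bearer-token firewall for the API, using the `oauth2` authenticator.
        # NOTE(review): a 401 on ^/api normally means the token was not accepted by this
        # authenticator; a valid token that only lacks the required role would usually be
        # answered with 403. Check token validation before the role rule.
        api:
            pattern: '^/api'
            security: true
            stateless: true
            oauth2: true

        dev:
            pattern: '^/(_(profiler|wdt)|css|images|js)/'
            security: false
        # No pattern: catches every request not matched by a firewall above.
        main:
            # At most 3 login attempts per 5 minutes.
            login_throttling:
                max_attempts: 3
                interval: '5 minutes'
            lazy: true
            provider: app_user_provider
            form_login:
                login_path: app_login
                check_path: app_login
                enable_csrf: true
                default_target_path: app_index
                use_referer: true
            logout:
                path: app_logout
                target: app_index

    # Rules are checked in order and only the first matching path applies.
    access_control:
        # NOTE(review): PUBLIC_ACCESS lets unauthenticated requests reach the authorization
        # endpoint. Confirm the resource owner is authenticated some other way before an
        # authorization is granted, or require an authenticated user here.
        - { path: '^/authorize', roles: PUBLIC_ACCESS }
        - { path: '^/login', roles: PUBLIC_ACCESS }
        - { path: '^/token', roles: PUBLIC_ACCESS }
        - { path: '^/.well-known', roles: PUBLIC_ACCESS }
        # NOTE(review): presumably this role is derived from a scope on the access token;
        # verify the issued token actually carries it.
        - { path: '^/api', roles: ROLE_OAUTH2_EMAIL }
        # Catch-all: everything else requires a logged-in user.
        - { path: '^/', roles: ROLE_USER }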

# Test-environment override only: deliberately low work factors keep the test suite fast.
# These settings are far too weak for real credentials and must stay under when@test.
when@test:
    security:
        password_hashers:
            'Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface':
                algorithm: 'auto'
                # bcrypt work factor
                cost: 4
                # argon2 iteration count and memory budget
                time_cost: 3
                memory_cost: 10

API Controller

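    /**
     * Returns a JSON confirmation containing the authenticated user's e-mail address.
     *
     * Authentication for this route is expected to be enforced by the security
     * configuration. The null check keeps the action from dereferencing a missing
     * user if that configuration ever lets an unauthenticated request through.
     *
     * @return Response JSON body with `message` and `email` keys
     */
    #[Route('/api/test', name: 'app_api_test')]
    public function apiTest(): Response
    {
        /** @var User|null $user */
        $user = $this->getUser();

        // getUser() yields null when no user is authenticated; deny instead of
        // failing on the getEmail() call below.
        if (null === $user) {
            throw $this->createAccessDeniedException('Authentication is required.');
        }

        return $this->json([
            'message' => 'You successfully authenticated!',
            'email' => $user->getEmail(),
        ]);
    }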

I've been following dwgebler's tutorial. Here's the link to the page.

https://davegebler.com/post/php/build-oauth2-server-php-symfony

Thank you.

PS: The Symfony version used in the tutorial is v6.1. I think the version difference is the cause, but I can't pinpoint the problem with my current understanding.
