401 Invalid JWT Token Lexik

I'm not sure why I keep getting a wrong bearer token.

{
"code": 401,
"message": "Invalid JWT Token"
}

When I debug it on https://jwt.io/ I also get an Invalid Signature response even though the data is correct.

What causes this? Are my configs wrong?

Any help is welcome

Here is my security.yaml.

security:
    enable_authenticator_manager: true

    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        App\Entity\BackendUser:
            algorithm: auto
        App\Entity\User:
            algorithm: auto

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\BackendUser
                property: email
        auth_token:
            id: App\Security\AuthTokenUserProvider
        jwt:
            id: App\Security\JwtUserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/api/login
            stateless: true
            provider: auth_token
            json_login:
                check_path: /api/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            custom_authenticators:
                - App\Security\UserAuthenticator

        api:
            pattern:   ^/api
            stateless: true
            provider: jwt
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        easy_admin:
            pattern:   ^/admin
            lazy: true
            provider: app_user_provider
            custom_authenticators:
                - App\Security\EasyAdminAuthenticator
            logout:
                path: app_logout
                target: app_login

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # Easy Admin Routes
        - { path: ^/admin/login,      roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin,            roles: IS_AUTHENTICATED_FULLY }
        # Api Routes
        - { path: ^/api/login,        roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,              roles: IS_AUTHENTICATED_FULLY }
        # Translations
        - { path: ^/translations,                   roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/translations/grid,              roles: IS_AUTHENTICATED_FULLY }
Here is my lexik_jwt_authentication.yaml

lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl: 2592000 # token TTL in seconds, defaults to 1 hour
    user_identity_field: token

Not sure what other info you might need. Let me know and I will update the post.

Thank you.
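As an added diagnostic (not code from the question, the answer or the LexikJWTAuthenticationBundle), the script below decodes a token the way jwt.io does, without trusting the signature, and lists the conditions other than the signature itself that get a token rejected: wrong segment count, an alg other than RS256 (what a secret_key/public_key pair signs with), an expired exp, and a payload without the claim named by user_identity_field (token in the asker's config). The sample token and its placeholder signature are constructed; verifying the signature still needs the public key that matches the private key the app signs with.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; urlsafe_b64decode needs it restored.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_jwt(token: str, identity_field: str = "token", now=None) -> dict:
    """Decode a JWT without trusting it; return header, payload and a list of problems.
    identity_field mirrors lexik's user_identity_field: the payload must carry a claim
    of that name. Signature checking is left to the bundle or jwt.io with the public key."""
    now = int(time.time()) if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {"problems": [f"expected 3 segments, got {len(parts)}"]}
    try:
        header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError as exc:  # binascii.Error, UnicodeDecodeError and JSON errors
        return {"problems": [f"header or payload is not base64url JSON: {exc}"]}
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return {"problems": ["header and payload must be JSON objects"]}
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"alg is {header.get('alg')!r}; a secret_key/public_key pair signs "
                        "with RS256, so verify with RS256 and the matching public key")
    if "exp" not in payload:
        problems.append("no exp claim")
    elif payload["exp"] <= now:
        problems.append(f"token expired {now - payload['exp']}s ago")
    if payload.get("iat", now) > now + 60:
        problems.append("iat is in the future (clock skew between issuer and verifier?)")
    if identity_field not in payload:
        problems.append(f"no {identity_field!r} claim; user_identity_field must match the claim name")
    return {"header": header, "payload": payload, "problems": problems}

# Constructed sample with a placeholder signature, shaped like the asker's config
# (identity claim "token", 2592000 s TTL); a real token carries an RS256 signature.
SAMPLE_ISSUED_AT = 1_700_000_000
SAMPLE_TOKEN = ".".join([b64url_encode({"typ": "JWT", "alg": "RS256"}),
                         b64url_encode({"iat": SAMPLE_ISSUED_AT, "exp": SAMPLE_ISSUED_AT + 2592000, "token": "abc123"}),
                         "placeholder-signature"])

if __name__ == "__main__":
    print(json.dumps(inspect_jwt(SAMPLE_TOKEN, now=SAMPLE_ISSUED_AT + 60), indent=2))
```

Paste a real token from the login response in place of SAMPLE_TOKEN; an empty problems list means the remaining suspect is the key pair behind secret_key and public_key.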



Solution 1:[1]

I'll share with you the config of my security.yaml file.

security:
    encoders:
        App\Entity\User:
            algorithm: argon2i

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        registration:
            pattern: ^/api/users
            stateless: true
            anonymous: true
            methods: [POST]
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        api:
            pattern: ^/api
            stateless: true
            anonymous: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

Can you share your screen or explain how you send your request to the app? (Because you must send it from Postman, for example.)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Muhamed RAFYQ