Chapters
37 Chapters
|
3:43:31
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"api-platform/core": "^3.0", // v3.1.2
"doctrine/annotations": "^2.0", // 2.0.1
"doctrine/doctrine-bundle": "^2.8", // 2.8.3
"doctrine/doctrine-migrations-bundle": "^3.2", // 3.2.2
"doctrine/orm": "^2.14", // 2.14.1
"nelmio/cors-bundle": "^2.2", // 2.2.0
"nesbot/carbon": "^2.64", // 2.66.0
"phpdocumentor/reflection-docblock": "^5.3", // 5.3.0
"phpstan/phpdoc-parser": "^1.15", // 1.16.1
"symfony/asset": "6.2.*", // v6.2.5
"symfony/console": "6.2.*", // v6.2.5
"symfony/dotenv": "6.2.*", // v6.2.5
"symfony/expression-language": "6.2.*", // v6.2.5
"symfony/flex": "^2", // v2.2.4
"symfony/framework-bundle": "6.2.*", // v6.2.5
"symfony/property-access": "6.2.*", // v6.2.5
"symfony/property-info": "6.2.*", // v6.2.5
"symfony/runtime": "6.2.*", // v6.2.5
"symfony/security-bundle": "6.2.*", // v6.2.6
"symfony/serializer": "6.2.*", // v6.2.5
"symfony/twig-bundle": "6.2.*", // v6.2.5
"symfony/ux-react": "^2.6", // v2.7.1
"symfony/ux-vue": "^2.7", // v2.7.1
"symfony/validator": "6.2.*", // v6.2.5
"symfony/webpack-encore-bundle": "^1.16", // v1.16.1
"symfony/yaml": "6.2.*" // v6.2.5
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.4", // 3.4.2
"mtdowling/jmespath.php": "^2.6", // 2.6.1
"phpunit/phpunit": "^9.5", // 9.6.3
"symfony/browser-kit": "6.2.*", // v6.2.5
"symfony/css-selector": "6.2.*", // v6.2.5
"symfony/debug-bundle": "6.2.*", // v6.2.5
"symfony/maker-bundle": "^1.48", // v1.48.0
"symfony/monolog-bundle": "^3.0", // v3.8.0
"symfony/phpunit-bridge": "^6.2", // v6.2.5
"symfony/stopwatch": "6.2.*", // v6.2.5
"symfony/web-profiler-bundle": "6.2.*", // v6.2.5
"zenstruck/browser": "^1.2", // v1.2.0
"zenstruck/foundry": "^1.26" // v1.28.0
}
}
19 Comments
Hello machines! After finishing the course I'm trying to add the authenticator to coexist with another one I already had in the project where I'm trying to implement the api. But it seems that something doesn't work, well
This is the security.yaml file:
If I don't put ROLE requirement in api resource, it makes the query and returns fine, but when I put for example that I need ROLE_ADMIN, or any other role, the response is a code 200 and returns the login template that my project has, in this case the LoginAuthenticator.
How can I make these two logins coexist?
That the LoginAuthenticator that my project already had should use sessions and the API one should not use them with
stateless: trueand use the ApiTokenHandler that was made in the course.As far as I'm following the course right now it works fine except for one detail.
When I put in the authentication ‘Bearer asasassa’ the invalid key error appears perfectly, and if I put a correct Bearer it makes the request correctly, but if I don't put any Bearer it also returns the data.
But if I don't set any Bearer it returns the data too, shouldn't it say that there is no api key or that it is not correct?
Hey @Rodrypaladin!
That's actually a great question! When you send with no Bearer, to Symfony, this simply looks like a request that is not trying to send authentication info. The token isn't wrong, there just is no token. The result is that the request is basically "anonymous" / not logged in. If the endpoint that's reached does not require auth, the endpoint will return the real data. If the endpoint does require auth, then it should reject the request with a 401 Unauthorized.
Let me know if that clarifies.
Cheers!
I see this error:
and it works if we do
stateless: true,so in Symfony 7, is this how it works ?
When I authorize using token ( I'm using Symfony 7 ), then it throws following error, but can't we just run session app and API at the same time in Symfony like you're doing in this lecture ?
Hey @sujal_k!
Sorry for the slow reply! To make sure I understand: you need to run a normal session-based security app and a stateless, API token version at the same time? Can you explain the requirements a bit more, that'll help me with a better answer.
Cheers! And sorry to not offer any useful info yet!
When I log out and try to use the token to log in in the authorization button. It doesn't log me in, when I go to security in the profiler, it says "There is no security token.". Even if the token is not valid, I still get a 200 with the data.
I think I followed the steps correctly, any ideas?
Heyy!!
I have the same problem,
i did the same config, and i'm alawys getting a 200 response (with valid or not token plus without Authorization header param)
But when i comment the lazy config i still get a 200 if not Authorization passed in header, and 401 if no valid token
Hi, I experience the same behavior. It seems something is missing in the video...
Can anyone help, please?
@MolloKhan ?
Hey @Twigsee
Sorry for my late reply. I have the same question as here https://symfonycasts.com/screencast/api-platform-security/access-token-authenticator#comment-31679
I believe your authenticator might be misconfigured, let's debug that first
Cheers!
Hi @MolloKhan
I am using Caddy, and having the same issue with loggin in,
When I try to authenticate/ login,
I get a "There is no security token." in my profiler >> security
Does "SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1" this work for Caddy users as well,
I dont know where to put this as I dont have .htaccess file
Hey @Teddy-B
I've not worked with Caddy yet so I don't know how to make it work. Have you asked ChatGPT or any other AI? You may be surprised of how good they are for this kind of problem
Cheers!
Thanks I have heard of ChatGPT never thozght it was something I really wanted to use, but I was indeed impressed with the ansers, I havent solved the issue yet, but I think I am close, I guess I just ask around at stackoverflow then.
Thanks for you quick reply Though!
I figured out I just had to add Content-Type: application -json on the headers and got it working... cant believe it
Ha! So it was not the web server. I thought ApiPlatform adds that header automatically for you but I think Symfony short-circuits the workflow when you try to log in
Thanks for sharing!
I think becaue I am using CORS, intergrating 2 appliciations. I got docker setup and the frontend (React) is seperated from the Backend (Symsony)
Hey @ToNy
Can you see in the profiler the security process kicking in? I think your authenticator is not been called for some reason.
I had my apache misconfigured. I solved with the (in)famous:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1Thanks for your reply.
Hi !
This example shows how to get User when JWT TOKENs are stored in database.
I'm using LexikJWTAuthenticationBundle. Users are not stored in database.
I want to retrieve Connected User when making request with the generated TOKEN.
How can i do this with class ApiTokenHandler ?
Please help me ! Thanks You
Hi @Ange-B,
Can you give more context? Where exactly do you want to get User info?
IIRC if you are using
LexikJWTAuthenticationBundleit already stores the user info in symfony security system, so it can be easily accessed from anywhere, all you need isloveautowireSecurityclass from Security bundle and use$this->security->getUser()method to get current authenticated userPS maybe I'm missing something so waiting for your feedback
Cheers!
"Houston: no signs of life"
Start the conversation!