03.
LexikJWTAuthenticationBundle
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
Whoops, an error! Please, try again later.
22 Comments
Hi guys,
i tried to install with the command
composer require "lexik/jwt-authentication-bundle"
and it failed totally with some notes like:
"Your requirements could not be resolved to an installable set of packages."
"symfony/security-bundle v3.4.0 conflicts with symfony/symfony[v3.0.3]."
and at the end
"Installation failed, reverting ./composer.json to its original content."
So i wrote the sentence below and i didn t have no one problem with the instalation
composer require "lexik/jwt-authentication-bundle" ^2.0
Hey argy_13 ,
Hm, "composer require lexik/jwt-authentication-bundle" and "composer require 'lexik/jwt-authentication-bundle:^2.0'" are the same actually and should install the latest v2.5.3 version, but looks like Composer works in a bit different strategies. When you do not specify a certain version - it looks a compatible release in 2.5 branch only, but if you specify a version manually, Composer look for a compatible version in a range from the specified version to the latest version, that's why the 2nd command works.
In shorts, the 2.5 branch of lexik/jwt-authentication-bundle was bumped to support Symfony 3.4+ only, but we we're on 3.0 in this course. Btw, you can run: "composer why-not 'lexik/jwt-authentication-bundle:^2.5'" to get more info from Composer why not. And thanks for sharing this problem with others!
Cheers!
Hi guys, can we use this tutorial for Symfony 4?
Also, can't we already protect url's from unwanted visitors by adding the security annotations, isn't that enough if you only want to use Symfony?
Keep being awesome!
Yo Jelle S.!
Hey! o/ 😀
Yes and no. You'll definitely need to adapt some big things, as this tutorial is getting pretty old. It's still a great tutorial to learn some general things from, but it's starting to show its age. Our much newer tutorial about API Platform is another great option and can get you set up faster. Though, this tutorial teaches you many "lower-level" things. So it depends if you are here to learn some deep stuff or just get some work done quickly :).
Are you talking about things like
@Security("is_granted('ROLE_USER')")(or the simpler, and equivalent@IsGranted("ROLE_USER"))? If so... yes... but I'm not sure if I'm answering the question correctly. We do use these annotations in this tutorial and they're great. And you can use them whether you're building an API or a traditional web app. Those annotations andaccess_controlin security.yaml and$this->denyAccessUnlessGranted()are all about "authorization": denying the current user access to something based on some logic. How a user authenticates - a login form, JWT token, something else crazy - is a totally separate topic. You can have a login form and use the security annotations just fine. Or if you need some fancy JWT thing, you can also use the security annotations. That system doesn't actually know or care how the user logged in: it's simply checking that whoever is logged in has a role or not.Let me know if that helps! I have a tendency to sometimes completely answer the wrong question ;).
Cheers and happy new year!
Hi guys,
Struggling with generating public key from private key in windows 10, couldn't succeed, googled a lot as well. First I was stuck with private key then I used -passout pass:Password option and it worked, now public key command is not working. If anyone one has faced the same issue and resolved it please let me know your solution.
Thank you in advance.
Wazir
Resolved this issue, if anyone else facing the same issue, please install openssl again, download it from here.
Hey Wazir,
I'm glad you got it working! And thank you for sharing your solution with others.
Cheers!
I am trying to setup Leixk JWT Authentication Bundle, and I have a strange issue with using environment variables.
config/packages/lexik_jwt_authentication.yaml:
// Doesn't work
lexik_jwt_authentication:
# This file is a "template" of which env vars need to be defined for your application
# Copy this file to .env file for development, create environment variables when deploying to production
# https://symfony.com/doc/current/best_practices/configuration.html#infrastructure-related-configuration
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=2a9b9734ac76f90a8d60b0756d62c868
#TRUSTED_PROXIES=127.0.0.1,127.0.0.2
#TRUSTED_HOSTS=localhost,example.com
###< symfony/framework-bundle ###
###> doctrine/doctrine-bundle ###
# Format described at http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db"
# Configure your db driver and server_version in config/packages/doctrine.yaml
DATABASE_URL=mysql://homestead:secret@127.0.0.1:3306/homestead
###< doctrine/doctrine-bundle ###
###> symfony/swiftmailer-bundle ###
# For Gmail as a transport, use: "gmail://username:password@localhost"
# For a generic SMTP server, use: "smtp://localhost:25?encryption=&auth_mode="
# Delivery is disabled by default via "null://localhost"
MAILER_URL=null://localhost
###< symfony/swiftmailer-bundle ###
###> lexik/jwt-authentication-bundle ###
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=ilikedogs
###< lexik/jwt-authentication-bundle ###
Hey Shaun T.
That's weird, try removing the "resolve" part for "pass_phrase" parameter
What error message did you get?
Cheers!
Hey MolloKhan
Thanks for your reply, I tried removing resolve but that din't make any difference. Here is the error message I get:
[2018-09-05 22:30:09] request.CRITICAL: Uncaught PHP Exception Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTEncodeFailureException: "Unable to create a signed JWT from the given configuration." at /Users/shaunthornburgh/Documents/Development/homemates/vendor/lexik/jwt-authentication-bundle/Encoder/LcobucciJWTEncoder.php line 41 {"exception":"[object] (Lexik\\Bundle\\JWTAuthenticationBundle\\Exception\\JWTEncodeFailureException(code: 0): Unable to create a signed JWT from the given configuration. at /Users/shaunthornburgh/Documents/Development/homemates/vendor/lexik/jwt-authentication-bundle/Encoder/LcobucciJWTEncoder.php:41)"} []
Hmm, and you say that without using a "env" variable it works?
Try this
pass_phrase: '%env(string:JWT_PASSPHRASE)%'Thanks, but that generates the same error message...
Hey Shaun T.!
Oh boy, you've got a tricky one! First, as you know, the bundle is intended to be used, exactly as you're using it. So, there "shouldn't" (but quotes around that) be any surprises. So... this is surprising ;).
There are a few ways we can start debugging this:
1) Run
php bin/console about. Near the bottom, you'll see the current environment variables that are set. My guess is that JWT_PASSPHRASE will be set to your password, but, let's look at this to be sure :).2) You'll need to do a little digging ;). I'm not 100% sure if this is the right place, but I would try to do a
var_dump($this->keyLoader->getPassphrase());die;right before this line: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/3c83eff7a87dcf983fca0a98334946facc0b7169/Services/JWSProvider/LcobucciJWSProvider.php#L147-L150 - I'm curious to see if this is the correct passphrase, or something else. If this die statement isn't hit, let me know.Mostly, I just can't see why this issue would happen. So... that's why we're debugging :).
Cheers!
Thanks for your advice weaverryan
Ok I noticed something weird, if I run bin/console about with the passphrase set manually in config/packages/lexik_jwt_authentication.yaml, it outputs:
string(9) "ilikedogs"
However if I set it to '%env(resolve:JWT_PASSPHRASE)%', it outputs:
string(32) "d9f081115756b52521cb7a1e775d05c3"
Hey Shaun T.!
Wow! That IS weird! We have a mystery :D. But, I might have an idea. Here is a key phrase from the DotEnv component docs:
I wonder if, somehow, you've setup a JWT_PASSPHRASE environment variable somewhere else. And so, when your .env file is being loaded, it does NOT override this environment variable. You could debug this by opening
public/index.phpand putting this line right on top:Does this print something?
Cheers!
Hey Ryan,
I got to the bottom of this. JWT_PASSPHRASE was being set separately in phpunit.xml.dist. I updated the value, and everything is working :)
Hello !
Thank you very much for this lesson. And for the whole website too, it's fantastic.
I'm just having a problem on this particular JWT authentification. I have an API that has been developped in Symfony 3.3 that worked well on the internet. But now that I'm trying to run it locally (to make changes), I don't manage to set JWT authentification properly :/
What I have done so far :
- retrieved public and private keys and put them into the var/jwt folder
- set right passphrase in the parameters.yml file
The token are created and sent to the client. But when the client want to use the token to authenticate himself, it says "Invalid JWT Token". How is it possible ? Since the creation process has worked ...
Hey @Jazz
Thanks for the compliment :)
First let's double check that you are actually passing the right values to your API, dump your credentials just before using them for authentication. If that's not the case, then, let's keep debugging until find the error!
Cheers!
Hello,
Is it possible to use this bundle without a pair login/password ? I would like in my application give the possibility to login with the pair or just with the email. What do you think ?
Thanks
Hey Ingvald O.!
Hmm. Can you tell me a little bit more about what you want to do? When you talk about the "pair login/password", are you password that's used to create the public & private keys? Do you want to avoid using the public/private keys?
Let me know - I'm just not sure yet what your idea is ;).
Cheers!
Sorry, Bad question!
No i dont speak about the pair public/private Key, i would like to register my user by an Android app just with their email and i want to know if it is possible or notre with lexikJwt?
Hey Ingvald O.!
Ah! Yep! this is totally possible. Actually, the LexikJWT library has nothing to do with whether or not you use a username & password. Basically, the "flow" would look like this:
A) You create an endpoint where a user can register. In your case, I guess you just send the email the user wants, and your Symfony app will save this to the database.
B) Typically, step 2 would be that you would create some /login endpoint, where you would POST the username & password, and there, you would create & return a JWT. That is basically this step: https://knpuniversity.com/s.... However... because you don't have a password, I'm not sure if this makes sense. It may make more sense to just return the JWT in step (A), right after the user authenticates. The only tricky thing is how the user (your Android app) will fetch a new token later after the original JWT expires. I mean, you could make your JWT *never* expire... I guess... it depends on how secure your app needs to be :). Anyways, this is the one part that I'm not sure about... just because it's so odd to not have a password.
C) Finally, once the user has a JWT (either because you gave it to them in step A or step B), you create an authenticator that authenticates the request when the JWT is sent. We do that here: https://knpuniversity.com/s...
So, having no password shouldn't cause any problems. However, it's possible (I'm just not sure) that you may need to do a few more things "manually" versus using tools in the bundle. Really, this is what we do in this tutorial: we use the Lexik bundle... but mostly we only use its low-level features: we implement step (B) and (C) manually.
Cheers!
"Houston: no signs of life"
Start the conversation!