Please help.. FOSUserBundle with LexikJWTAuthenticationBundle


Nik Spijkerman

Aug 4, 2014, 10:08:54
to resting-wi...@googlegroups.com
Hi

I'm trying to build the user authentication part of my REST api, and I'm not sure how to link FOSUserBundle and LexikJWTAuthenticationBundle together.
I've installed them pretty much as per the documentation in each, and FOSUser is working fine. I'm able to log in in the normal way through a web form.

Ideally, I'd like to keep the web form functioning as it currently is, as I have a SysAdmin area that is not running on an API, and need authentication and authorization for that.

My main issue is how am I meant to set up the routing and controllers to use the FOSUserBundle to authenticate a /api/login request and return a JWT?
Currently I'm getting a "route /api/login does not exist" error, which is correct as I have not defined any routes for it, but the LexikJWTAuthenticationBundle docs have no mention of creating routes or creating a controller action.

Thanks in advance
Nik

Jérémiah Valérie

Aug 5, 2014, 01:42:12
to resting-wi...@googlegroups.com
Hi,

You must enable the api login_check route:

#in app/config/routing.yml:
api_login_check:
   path: /api/login_check

and configure the firewalls:

#in app/config/security.yml
firewalls:
   sysadmin:
       pattern: ^/sysadmin
       ...

   api_login:
       pattern: ^/api/login
       stateless: true
       anonymous: true
       form_login:
           check_path: /api/login_check
           require_previous_session: false
           username_parameter: username
           password_parameter: password
           success_handler: lexik_jwt_authentication.handler.authentication_success
           failure_handler: lexik_jwt_authentication.handler.authentication_failure

   api:
       pattern: ^/api
       stateless: true
       # advanced configuration
       lexik_jwt:
           authorization_header: # check token in Authorization Header
               enabled: true
               prefix: Bearer
           query_parameter: # check token in query string parameter
               enabled: true
               name: bearer
           throw_exceptions: false # When an authentication failure occurs, return a 401 response immediately
           create_entry_point: true # When no authentication details are provided, create a default entry point that returns a 401 response

access_control:
   - { path: ^/sysadmin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
   - { path: ^/sysadmin$, role: ROLE_ADMIN }
   - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
   - { path: ^/api, roles: ROLE_API }



To finish you can test with curl in cli:

$ curl -X POST -d '{"username": "my-user", "password": "my-password"}' http://my-url.com/api/login_check

Your user must be promoted with ROLE_API to be able to log in in my example.
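
Symfony hands a request to the first firewall whose pattern matches it and applies the first matching access_control rule, so the order of the entries in the configuration above matters. The following is an added example (not from the thread or from either bundle) that models this first-match behaviour with Python's re module over the patterns as posted; the sample paths /api/users and /sysadmin/users are hypothetical.

```python
import re

# Patterns transcribed from the configuration in the reply above, in listed order.
FIREWALLS = [
    (r"^/sysadmin", "sysadmin"),
    (r"^/api/login", "api_login"),
    (r"^/api", "api"),
]
ACCESS_CONTROL = [
    (r"^/sysadmin/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/sysadmin$", "ROLE_ADMIN"),
    (r"^/api/login", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/api", "ROLE_API"),
]


def first_match(rules, path):
    """Return the label of the first rule whose regex matches the path, or None."""
    for pattern, label in rules:
        if re.search(pattern, path):
            return label
    return None


def resolve(path, firewalls=FIREWALLS, access_control=ACCESS_CONTROL):
    """Return (firewall, required_role) under first-match semantics."""
    return first_match(firewalls, path), first_match(access_control, path)


def report(paths, firewalls=FIREWALLS):
    """Map each path to its (firewall, required_role) pair."""
    return {p: resolve(p, firewalls) for p in paths}


# Constructed sample paths; /api/users and /sysadmin/users are hypothetical routes.
SAMPLE_PATHS = ["/api/login_check", "/api/users", "/sysadmin", "/sysadmin/users"]

# Same firewalls with "api" moved ahead of "api_login", to show why order matters.
MISORDERED = [FIREWALLS[0], FIREWALLS[2], FIREWALLS[1]]

if __name__ == "__main__":
    for label, fws in (("as posted", FIREWALLS), ("api before api_login", MISORDERED)):
        print(label)
        for path, (fw, role) in report(SAMPLE_PATHS, fws).items():
            print(f"  {path:18} firewall={str(fw):10} role={role}")
```

A role of None means no access_control rule matched that path. With the misordered list, /api/login_check lands in the api firewall, which expects a token and has no form_login to issue one.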

federico panini

Aug 5, 2014, 11:16:31
to resting-wi...@googlegroups.com
Hi guys, I'm testing this bundle and I would like to do the same thing as Nik Spijkerman.
Now I have my regular website with Symfony 2.3.18 set up to authenticate users with form login
and it works perfectly; then (following Jérémiah Valérie) I set up the lexik jwt bundle with config
options as above.

When I do the curl as described above to authenticate the user the response is still the same: "Bad credentials"
The user I'm trying to authenticate has the roles: ROLE_USER and ROLE_API

Can anyone suggest what's going on?

thank you
very much
Federico Panini

federico panini

Aug 5, 2014, 15:00:26
to resting-wi...@googlegroups.com
Ok I solved: 
I forgot to set the "Content-Type:application/json" as header parameter :)

Federico
