
I'm trying to create a REST API with JWT authentication in Symfony 5. At first I tried to do as written here https://h-benkachoud.medium.com/symfony-rest-api-without-fosrestbundle-using-jwt-authentication-part-2-be394d0924dd . Difficulties appeared when I tried to write the method getTokenUser:

    /**
     * @param JWTTokenManagerInterface $JWTManager
     * @return JsonResponse
     * @Route("/api/login_check", name="api_login_check", methods={"POST"})
     */
    public function getTokenUser(UserInterface $user,JWTTokenManagerInterface $JWTManager)
    {
        return new JsonResponse(['token' => $JWTManager->create($user)]);
    }

Symfony says that UserInterface is not a service, so it can't autowire it. OK, then I tried to find other articles about this problem. But surprisingly they just don't say how to write this method. For example, here https://digitalfortress.tech/php/jwt-authentication-with-symfony/ it appears that the route /api/login_check must work automatically if it is configured in security.yaml and in routes.yaml. But no, it doesn't work.

So how must I write the controller?

My security.yaml is:

    security:
        encoders:
            App\Entity\User:
                algorithm: bcrypt

        # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
        providers:
            app_user_provider:
                entity:
                    class: App\Entity\User
                    property: email
        firewalls:
            login:
                pattern:  ^/api/login
                stateless: true
                anonymous: true
                json_login:
                    check_path:               /api/login_check
                    success_handler:          lexik_jwt_authentication.handler.authentication_success
                    failure_handler:          lexik_jwt_authentication.handler.authentication_failure

            api:
                pattern:   ^/api
                stateless: true
                provider: app_user_provider
                guard:
                    authenticators:
                        - lexik_jwt_authentication.jwt_token_authenticator

            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                anonymous: true

                # activate different ways to authenticate
                # https://symfony.com/doc/current/security.html#firewalls-authentication

                # https://symfony.com/doc/current/security/impersonating_user.html
                # switch_user: true

        # Easy way to control access for large sections of your site
        # Note: Only the *first* access control that matches will be used
        access_control:
            - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

2 Answers

It's true you do not need this method. You should refer to the documentation of the bundle you are using:

https://github.com/lexik/LexikJWTAuthenticationBundle/blob/2.x/Resources/doc/index.rst

In fact the login URL is handled by the security component of Symfony and relies on the configuration you set under the json_login key :).

Once again, it's detailed in the documentation (section "Usage").


3 Comments

Thanks. But when I'm trying to run curl -X POST -H "Content-Type: application/json" localhost/api/login_check -d '{"username":"johndoe","password":"test"}' , the server says Unable to find the controller for path "/api/login_check". The route is wrongly configured. (404 Not Found)
Re-follow the documentation, you missed something.
@Nek unfortunately link has gone. updated: github.com/lexik/LexikJWTAuthenticationBundle/blob/2.x/…
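
How the first answer's point plays out, as an added example (not code from the thread, the bundle or Symfony): a simplified PHP model of first-match firewall selection and of json_login taking over only JSON requests to its check_path, using the patterns from the question's security.yaml. It assumes the /api/login_check route is declared without a controller; the function names are hypothetical and the sample requests are constructed.

```php
<?php
// Added illustration: a simplified model, NOT Symfony's own code.
// Firewall names and patterns are copied from the question's security.yaml.
const FIREWALLS = [ // order matters: the first matching pattern wins
    'login' => ['pattern' => '^/api/login', 'json_login' => '/api/login_check'],
    'api'   => ['pattern' => '^/api'],
    'dev'   => ['pattern' => '^/(_(profiler|wdt)|css|images|js)/'],
    'main'  => ['pattern' => null], // no pattern: matches every path
];

/** Name of the first firewall whose pattern matches the path (hypothetical helper). */
function matchFirewall(string $path, array $firewalls = FIREWALLS): string
{
    foreach ($firewalls as $name => $fw) {
        if ($fw['pattern'] === null || preg_match('{' . $fw['pattern'] . '}', $path) === 1) {
            return $name;
        }
    }
    return 'none';
}

/** What happens to a request with this path and Content-Type (hypothetical helper). */
function explain(string $path, string $contentType, array $firewalls = FIREWALLS): string
{
    $name = matchFirewall($path, $firewalls);
    $checkPath = $firewalls[$name]['json_login'] ?? null;
    if ($checkPath === null || $path !== $checkPath) {
        return "$name: not a json_login check_path request, the firewall's other authenticators apply";
    }
    // json_login only takes over requests that declare a JSON body.
    return strpos($contentType, 'json') !== false
        ? "$name: json_login checks the credentials, success handler returns the token"
        : "$name: json_login skips it, the router finds a route without a controller";
}

// Constructed sample requests: [path, Content-Type].
$samples = [
    ['/api/login_check', 'application/json'],
    ['/api/login_check', 'application/x-www-form-urlencoded'],
    ['/api/users', 'application/json'],
];
foreach ($samples as [$path, $type]) {
    printf("%-17s %-34s => %s\n", $path, $type, explain($path, $type));
}

// With 'api' listed first, /api/login_check never reaches json_login.
$swapped = ['api' => FIREWALLS['api']] + FIREWALLS;
echo "api first:  ", explain('/api/login_check', 'application/json', $swapped), "\n";
```
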

I think it may be because you have to add the jwt provider in the providers section in your security.yml:

    providers:
      jwt:
        lexik_jwt: ~

If you are still stuck after this, I have implemented the Lexik JWT token in a project, so if you want an example you can check this out: https://github.com/niko-38500/boilerplate-symfony-hexagonal-architecture-CQRS-JWT

The class that generates the JWT token is located under "App\FrameworkInfrastructure\Infrastructure\Jwt\JwtGenerator", so you can follow the execution from there with a breakpoint to check if you notice any difference with your application which could help you.
