Friday, March 4, 2022

[FIXED] Symfony 5 JWT Token not found

Issue

I'm using a docker image with an apache server and i'm trying to run a JWT Authentication on Symfony 5 using the LexikJWTAuthenticationBundle. I followed the official doc LexikJWTAuthenticationDocs here is what I've done :

I ran the command : php bin/console lexik:jwt:generate-keypair which gave me a public and private key pair. I made sure that the private key is not encrypted as I could see in this post answer : Encrypted private key.

here is the configuration of the security.yaml :

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt

    providers:
    # used to reload user from session & other features (e.g. switch_user)
        database:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

here is my routes.yaml :

api_login_check:
    path: /api/login_check

the lexik_jwt_authentication.yaml :

lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
#    token time to live 1 hour
    token_ttl: 3600

the .env :

JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=test

with all this configuration I'm using to postman to retrieve the token from the user :

postman get token

and with this token I'm now trying to fetch from the api every users at api/users

postman get users but the response is the 401 status and JWT Token not found

my apache configuration is :

<VirtualHost *:80>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]


    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

This might have something to do with the apache configuration as I could see in a lot of Stack Overflow questions but i've tried a lot of them and nothing seems to work for me even this from the LexikJWTAuthenticationBundle :

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Why am I able to create a token but not use him to access data ?


Solution

This has nothing to do with .htaccess or 000-default.conf you must change the conf in : /etc/apache2/apache2.conf and add SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 at the end of the file.

However I didn't find any ressource that explain why apache remove authorization header



Answered By - winterbbq
at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.