[Security Bundle] Unable to log in via API #54883
Symfony version(s) affected
7.0.7

Description
I'm currently working with Symfony 7.0 on the backend and React on the frontend. Additionally, I'm using API Platform and the Lexik JWT Authentication Bundle. The authentication process should unfold as follows: when a registered user attempts to log in, if their credentials are valid, a token should be generated, granting them access to the dashboard. Here's what I've accomplished thus far:

How to reproduce
APIController.php
```php
<?php

namespace App\Controller;

use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\CurrentUser;

class ApiLoginController extends AbstractController
{
    #[Route('/api/login', name: 'api_login', methods: ['POST'])]
    public function index(#[CurrentUser] $user, JWTTokenManagerInterface $tokenManager): Response
    {
        // No authenticated user was resolved for this request.
        if (null === $user) {
            return $this->json([
                'message' => 'missing credentials',
            ], Response::HTTP_UNAUTHORIZED);
        }

        // Issue a JWT for the authenticated user.
        $token = $tokenManager->create($user);

        return $this->json([
            'user' => $user->getUserIdentifier(),
            'token' => $token,
        ]);
    }
}
```
security.yml
```yaml
security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        login:
            pattern: ^/api/login
            stateless: true
            json_login:
                check_path: api_login
                username_path: email
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        api:
            pattern: ^/api/
            stateless: true
            jwt: ~
    access_control:
        - { path: ^/api/login, roles: PUBLIC_ACCESS }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
```
Login.jsx

Possible Solution
No response

Additional Context
Additionally I inserted into LoginController a
Replies: 1 comment 6 replies
Well yes: you typically authenticate against remote APIs in a stateless fashion; that's what your firewalls being
By default the LexikJWTAuthenticationBundle will expect the token to be present in requests'
If you want to use cookies, you need to configure the bundle: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/3.x/Resources/doc/1-configuration-reference.rst#automatically-generating-cookies
Hm if you configured the bundle to use a cookie then you shouldn't need anything else: the browser will automatically send it with each request, so the bundle will be able to get it and authenticate you.
The bundleʼs documentation also mentions the use of two cookies: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/3.x/Resources/doc/1-configuration-reference.rst#automatically-generating-split-cookies so you should probably read it as well as the linked article.
Godspeed 🚀
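
The stateless flow discussed in this thread, seen from the client side, as an added example that is not part of the original discussion or of either project's code. It assumes the bundle's default `Authorization: Bearer` token extractor; `createApiClient`, `fakeFetch`, the `/api/me` path, the host and the credentials are hypothetical, constructed values, with `fakeFetch` standing in for the Symfony backend so the example runs offline.

```javascript
// Added example: hypothetical client for the "login" and "api" firewalls above.
function createApiClient(baseUrl, fetchImpl) {
  let token = null; // held in memory only; a stateless firewall keeps no session

  return {
    // json_login reads the JSON keys named by username_path / password_path.
    async login(email, password) {
      const res = await fetchImpl(`${baseUrl}/api/login`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ email, password }),
      });
      if (!res.ok) return false;
      token = (await res.json()).token;
      return true;
    },
    // Every later call must carry the token itself: nothing is remembered server-side.
    async get(path) {
      const headers = token ? { Authorization: `Bearer ${token}` } : {};
      const res = await fetchImpl(`${baseUrl}${path}`, { method: 'GET', headers });
      return { status: res.status, body: await res.json() };
    },
  };
}

// Constructed backend: mimics only the observable behaviour of the two firewalls.
const reply = (status, body) => ({ ok: status < 400, status, json: async () => body });
async function fakeFetch(url, init) {
  const path = new URL(url).pathname;
  if (path === '/api/login') {
    const { email, password } = JSON.parse(init.body);
    return email === 'user@example.test' && password === 'constructed-password'
      ? reply(200, { token: 'constructed.jwt.value' })
      : reply(401, { code: 401, message: 'Invalid credentials.' });
  }
  const auth = (init.headers || {}).Authorization;
  return auth === 'Bearer constructed.jwt.value'
    ? reply(200, { email: 'user@example.test' })
    : reply(401, { code: 401, message: 'JWT Token not found' });
}

async function demo() {
  const client = createApiClient('https://api.example.test', fakeFetch);
  const before = await client.get('/api/me'); // no token yet
  const loggedIn = await client.login('user@example.test', 'constructed-password');
  const after = await client.get('/api/me'); // token sent as a Bearer header
  return { before: before.status, loggedIn, after: after.status };
}
```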