
Symfony JWT Bundle responding with JWT Token not found


I am using API Platform and the EasyAdminBundle as a backoffice in my application. For authentication, I use 2 different entities: BackofficeUser and AppUser. The BackofficeUser gets access to the backoffice, the AppUser is the "frontend" user. To authenticate the AppUser, the API is authenticated with LexikJwtBundle.

This is the content of my security.yaml:

security:
  password_hashers:
    Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

  enable_authenticator_manager: true

  providers:
    app_user_provider:
      entity:
        class: App\Entity\AppUser
        property: email

    backoffice_user_provider:
      entity:
        class: App\Entity\BackofficeUser
        property: email

  firewalls:
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

    api:
      pattern: ^/api/
      stateless: true
      provider: app_user_provider
      jwt: ~
      json_login:
        check_path: api_auth
        username_path: email
        password_path: password
        success_handler: lexik_jwt_authentication.handler.authentication_success
        failure_handler: lexik_jwt_authentication.handler.authentication_failure

    backoffice:
      lazy: true
      provider: backoffice_user_provider
      custom_authenticator: App\Security\BackofficeAuthenticator
      logout:
        path: app_logout

  access_control:
    - { path: ^/backoffice, roles: ROLE_ADMIN }
    - { path: ^/api/me, roles: IS_AUTHENTICATED_FULLY }

The content of lexik_jwt_authentication.yaml:

lexik_jwt_authentication:
  secret_key: '%env(resolve:JWT_SECRET_KEY)%'
  public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
  pass_phrase: '%env(JWT_PASSPHRASE)%'
  api_platform:
    check_path: /api/auth
    username_path: email
    password_path: password

It is possible to retrieve a JWT token, but when I send a request to /api/me, which requires authentication, with the token I just retrieved, I get the following response:

curl -X 'GET' \
  'http://localhost/api/me' \
  -H 'accept: application/json' \
  -H 'Authorization: <the-jwt-token>'
{"code":401,"message":"JWT Token not found"}

Solution

  • I just resolved this issue. The mistake was: it is required to add the string Bearer as a prefix in the header, like:

    curl -X 'GET' \
      'http://localhost/api/me' \
      -H 'accept: application/json' \
      -H 'Authorization: Bearer <the-jwt-token>'
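
Why the bare token produced "JWT Token not found" rather than an invalid-token error, shown as an added example (not part of the original post and not the bundle's own code): a simplified PHP model of a header extractor that expects the `Bearer` scheme. The function names and the sample header values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model (assumption) of an Authorization-header token extractor
// configured with the prefix "Bearer". Returns the token, or null when the
// header does not have the exact shape "<prefix> <token>".
function extractBearerToken(?string $header, string $prefix = 'Bearer'): ?string
{
    if ($header === null || $header === '') {
        return null;
    }
    $parts = explode(' ', $header);
    // Exactly two space-separated parts; scheme compared case-insensitively.
    if (count($parts) !== 2 || strcasecmp($parts[0], $prefix) !== 0 || $parts[1] === '') {
        return null;
    }
    return $parts[1];
}

// Maps the extraction result to the response a client would see.
function describeOutcome(?string $header): string
{
    $token = extractBearerToken($header);
    if ($token === null) {
        // No token extracted: there is nothing to verify, so the failure is
        // reported as "not found" instead of "invalid".
        return '401 JWT Token not found';
    }
    return 'token extracted, signature and expiry checks follow';
}

// Constructed sample values; "aaa.bbb.ccc" is a placeholder, not a real JWT.
$samples = [
    'no header'                 => null,
    'bare token (the question)' => 'aaa.bbb.ccc',
    'Bearer prefix (the fix)'   => 'Bearer aaa.bbb.ccc',
    'lower-case scheme'         => 'bearer aaa.bbb.ccc',
    'double space'              => 'Bearer  aaa.bbb.ccc',
    'wrong scheme'              => 'Basic aaa.bbb.ccc',
];

foreach ($samples as $label => $header) {
    printf("%-28s => %s\n", $label, describeOutcome($header));
}
```

A 401 with "JWT Token not found" therefore points at the header's shape on the client side, so the request format is the first thing to check before looking at keys or token expiry.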