[英]Symfony 5 JWT Token not found
I'm using a docker image with an apache server and i'm trying to run a JWT Authentication on Symfony 5 using the LexikJWTAuthenticationBundle
. I'm using a docker image with an apache server and i'm trying to run a JWT Authentication on Symfony 5 using the
LexikJWTAuthenticationBundle
. I followed the official doc LexikJWTAuthenticationDocs here is what I've done:我遵循了官方文档LexikJWTAuthenticationDocs这是我所做的:
I ran the command: php bin/console lexik:jwt:generate-keypair
which gave me a public and private key pair.我运行了命令:
php bin/console lexik:jwt:generate-keypair
给了我一个公钥和私钥对。 I made sure that the private key is not encrypted as I could see in this post answer: Encrypted private key .我确保私钥没有加密,正如我在这篇帖子答案中看到的那样: 加密的私钥。
here is the configuration of the security.yaml
:这是
security.yaml
的配置:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
# used to reload user from session & other features (e.g. switch_user)
database:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
here is my routes.yaml
:这是我的
routes.yaml
:
api_login_check:
path: /api/login_check
the lexik_jwt_authentication.yaml
: lexik_jwt_authentication.yaml
:
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
# token time to live 1 hour
token_ttl: 3600
the .env
: .env
:
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=test
with all this configuration I'm using to postman to retrieve the token from the user:通过所有这些配置,我使用 postman 从用户那里检索令牌:
postman get token postman 获取令牌
and with this token I'm now trying to fetch from the api every users at api/users
并使用此令牌,我现在尝试从 api 获取
api/users
的每个用户
postman get users but the response is the 401 status and JWT Token not found
postman 获取用户但响应是401 状态和
JWT Token not found
my apache configuration is:我的 apache 配置是:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
This might have something to do with the apache configuration as I could see in a lot of Stack Overflow questions but i've tried a lot of them and nothing seems to work for me even this from the LexikJWTAuthenticationBundle :这可能与 apache 配置有关,正如我在很多 Stack Overflow 问题中看到的那样,但我已经尝试了很多,但即使来自LexikJWTAuthenticationBundle似乎也没有什么对我有用:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Why am I able to create a token but not use him to access data?为什么我可以创建令牌但不能使用他访问数据?
This has nothing to do with .htaccess
or 000-default.conf
you must change the conf in: /etc/apache2/apache2.conf
and add SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
at the end of the file.这与
.htaccess
或000-default.conf
无关,您必须在/etc/apache2/apache2.conf
中更改 conf 并在文件末尾添加SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
。
However I didn't find any ressource that explain why apache remove authorization header但是我没有找到任何资源来解释为什么 apache 删除授权 header
Do you know if NGinx has a similar problem?不知道NGinx有没有类似的问题?
I'm using Postman to test sending requests to an API with Authorization header with Bearer and the token, but I'm getting 401 error and "username could not be found" as error description.我正在使用 Postman 来测试向 API 发送请求,授权 header 带有 Bearer 和令牌,但我没有找到 401 错误和“用户名”作为错误描述。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.