我正在使用 Sf 4.1 实现 Lexik JWT 库。 就我而言,当多个应用程序需要时,我必须通过自定义身份验证器创建 JWT 令牌。 我已经遵循了 lexik 文档,但是我在签署令牌时遇到了几个小时的问题。 与偶然情况唯一不同的是:我使用doctrine-odm而不是doctrine-orm来使用MongoDb。
这里是文件:
安全.yaml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
anonymous: ~
logout:
path: /logout
target: /login
remember_me:
secret: '%env(APP_SECRET)%'
guard:
authenticators:
- App\Security\GuardAuthenticator\LoginFormAuthenticator
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
lexik_jwt_authentication.yaml:
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(resolve:JWT_PASSPHRASE)%'
token_ttl: 3600
LoginFormAuthenticator.php(onAuthenticationSuccess 方法):
/**
* @param Request $request
* @param TokenInterface $token
* @param string $providerKey
*
* @return null|JsonResponse
*/
public function onAuthenticationSuccess(
Request $request,
TokenInterface $token,
$providerKey
): ?JsonResponse {
/** @var User $user */
$user = $token->getUser();
$apiToken = $this->jwtTokenManager->create($user);
$user->setApiToken($apiToken);
$this->documentManager->persist($user);
$this->documentManager->flush();
return new JsonResponse(['Authorization' => $apiToken]);
}
私人.pem:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,F05739F4D47EE90DADA678BA60000AE4
<sensitive data>
-----END RSA PRIVATE KEY-----
我尝试检查传递给供应商中的创建或签名方法的参数:
您有什么建议可以帮助我吗?
使用此方法创建 jwt 令牌
public function getTokenUser(JWTTokenManagerInterface $JWTManager,ManagerRegistry $mr,UserPasswordHasherInterface $hasher)
{
$em = $mr->getManager();
$user = $em->getRepository(User::class)->findOneBy(['email' => 'user']);
if($hasher->isPasswordValid($user, 'user')){
$token = $JWTManager->create($user);
return new JsonResponse(['token' => $token]);
}
return new JsonResponse(['error' => 'Invalid credentials'], Response::HTTP_UNAUTHORIZED);
// ...
}