Sending JWT Token in Guzzle POST with LexikJWTAuthenticationBundle
<?php
namespace AppBundle\Controller;
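class DefaultController extends Controller
{
    /**
     * Issues a JWT for credentials supplied via HTTP Basic auth.
     *
     * Response: JSON {"token": "..."} on success, a JSON 401 otherwise.
     *
     * Security notes:
     *  - "unknown user" and "wrong password" are answered identically (the
     *    original returned 404 for an unknown user and a BadCredentialsException
     *    for a wrong password, which lets a caller enumerate valid usernames).
     *  - response timing still differs slightly, because no password hash is
     *    computed for an unknown user; acceptable for a demo, not for a
     *    production login. The bundle's own /api/login_check (see security.yml
     *    below) is the supported endpoint and should be preferred.
     *  - behind Apache + CGI/FPM the Authorization header is dropped unless the
     *    HTTP_AUTHORIZATION rewrite from Symfony's .htaccess is active, in
     *    which case getUser()/getPassword() are null and this returns 401.
     *
     * @Route("/gettoken")
     */
    public function getToken()
    {
        // request_stack exists on Symfony >= 2.4 and survives the removal of
        // Controller::getRequest() in 3.0, so this works on both generations.
        $request = $this->get('request_stack')->getCurrentRequest();
        $username = $request->getUser();
        $password = $request->getPassword();

        // A uniform failure response: same status, same body, for every reason.
        // 401 + WWW-Authenticate is what RFC 7235 expects for missing/bad Basic
        // credentials; the original threw a security exception from a route no
        // firewall covers, which the kernel would render as a 500.
        $unauthorized = function () {
            return new JsonResponse(
                ['message' => 'Bad credentials.'],
                JsonResponse::HTTP_UNAUTHORIZED,
                ['WWW-Authenticate' => 'Basic realm="gettoken"']
            );
        };

        if ($username === null || $username === '' || $password === null) {
            return $unauthorized();
        }

        $user = $this->getDoctrine()
            ->getRepository('AppBundle:User')
            ->findOneBy(['username' => $username]);

        // Deliberately not distinguishing "no such user" from "wrong password".
        if (!$user || !$this->get('security.password_encoder')->isPasswordValid($user, $password)) {
            return $unauthorized();
        }

        $token = $this->get('lexik_jwt_authentication.jwt_manager')->create($user);

        return new JsonResponse(['token' => $token]);
    }

    /**
     * Demo client: obtains a token from /gettoken and replays it against
     * /api/secure, returning that response body verbatim.
     *
     * Credentials and the base URL are read from container parameters
     * (jwt_client.base_url, jwt_client.username, jwt_client.password — define
     * them in parameters.yml, never in a committed file). The original
     * hard-coded admin/test1234 in source and called plain http://, so both
     * the password and the issued bearer token crossed the wire in cleartext.
     *
     * WARNING(review): this route is reachable anonymously (see access_control
     * for ^/client in security.yml) and relays the output of a privileged
     * request to any caller — restrict or remove it before deployment.
     *
     * @Route("/client", name="rewotec_customer.jwt_client")
     */
    public function apiClient()
    {
        // base_url must be https:// outside local development; Guzzle verifies
        // the server certificate by default, do not pass 'verify' => false.
        $baseUrl = rtrim($this->getParameter('jwt_client.base_url'), '/');
        $client = new Client();

        $response = $client->post($baseUrl.'/gettoken', [
            'auth' => [
                $this->getParameter('jwt_client.username'),
                $this->getParameter('jwt_client.password'),
            ],
        ]);

        // Validate the shape of the token response instead of indexing blindly:
        // with a missing key the original sent "Authorization: Bearer " (empty)
        // to the API and failed one hop later with a misleading error.
        $body = json_decode((string) $response->getBody(), true);
        if (!is_array($body) || !isset($body['token']) || !is_string($body['token'])) {
            return new Response('Token endpoint returned no token.', Response::HTTP_BAD_GATEWAY);
        }
        $token = $body['token'];

        // Local sanity check of signature/expiry before the token is used.
        // Older bundle versions return false on failure, newer ones throw a
        // JWTDecodeFailureException; the falsy check covers the former, the
        // exception propagates as it did in the original. Note a JWT is
        // signed, not encrypted — the original's "$decrypt" name was misleading.
        $claims = $this->get('lexik_jwt_authentication.encoder')->decode($token);
        if (!$claims) {
            return new Response('Received token failed verification.', Response::HTTP_BAD_GATEWAY);
        }

        $secureResponse = $client->post($baseUrl.'/api/secure', [
            'headers' => [
                'Authorization' => 'Bearer '.$token,
            ],
        ]);

        return new Response((string) $secureResponse->getBody());
    }

    /**
     * Protected probe endpoint. Reachable only with a valid bearer token:
     * ^/api sits behind the stateless "api" firewall with the Lexik guard
     * authenticator, and access_control requires IS_AUTHENTICATED_FULLY.
     *
     * @Route("/api/secure")
     */
    public function secure()
    {
        return new Response('Logged in');
    }
}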
security:
    encoders:
        # NOTE(review): security.encoder.legacy is a custom service not shown in
        # this gist — confirm it wraps a slow adaptive hash (bcrypt/argon2) and is
        # not a bare md5/sha1 "legacy" scheme kept for old rows.
        FOS\UserBundle\Model\UserInterface: { id: security.encoder.legacy }
    role_hierarchy:
        ROLE_ADMIN:
            - ROLE_USER
            - ROLE_CUSTOMER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
        ROLE_API: [ROLE_USER]
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        # Order matters: the first firewall whose pattern matches wins, so the
        # narrower ^/api/login must precede ^/api.
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            provider: fos_userbundle
            form_login:
                # POST _username/_password here to obtain a token (the curl call in
                # the comments below confirms this). No session is created.
                check_path: /api/login_check
                require_previous_session: false
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        api:
            pattern: ^/api
            stateless: true
            anonymous: false
            provider: fos_userbundle
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
            # NOTE(review): a firewall-level lexik_jwt block is the pre-2.0 bundle
            # listener config; with the guard authenticator above the extractors are
            # normally configured under lexik_jwt_authentication.token_extractors —
            # verify which one your bundle version actually honours.
            lexik_jwt:
                authorization_header: # check token in Authorization Header
                    enabled: true
                    prefix: Bearer
                # Keeping the query-string extractor disabled keeps tokens out of
                # access logs, browser history and Referer headers.
                query_parameter: # check token in query string parameter
                    enabled: false
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
    access_control:
        # Rules are evaluated top-down, first match wins. Both "role" and "roles"
        # keys appear below; they are equivalent but mixing them is easy to misread.
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # NOTE(review): no firewall pattern above matches /client or /gettoken, so
        # these two paths presumably run with no security listener at all; the
        # anonymous grant is then moot. /client relays a privileged API response to
        # any visitor (see DefaultController::apiClient) — restrict it before use.
        - { path: ^/client, roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
        - { path: ^/gettoken, roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
        # ^/api/login also covers /api/login_check; it must stay above ^/api.
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: [IS_AUTHENTICATED_FULLY] }
@webdevilopers webdevilopers commented May 4, 2018

curl -X POST http://dev.microservice1.com/api/login_check -d _username=admin -d _password=test1234

successfully returns the token. (Over plain http:// as shown, both the form password and the issued token travel in cleartext; use https:// anywhere but a local dev box.)

@webdevilopers webdevilopers commented May 4, 2018

curl -H "Authorization: Bearer TOKEN" http://dev.customer.rewotec.com/api/secure

returns "Bad credentials" — the token never reaches PHP because Apache drops the Authorization header before the request is handed to the application (cause and fix in the next comment).

@webdevilopers webdevilopers commented May 4, 2018

My virtual host needed the rewrite rules from Symfony's stock .htaccess, which my Apache was not loading. They re-export the incoming Authorization header as the HTTP_AUTHORIZATION environment variable so that PHP can see it:

RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

@webdevilopers webdevilopers commented Jun 11, 2018

Thanks to @chalasr for supporting me on this.
Is the /api/login_check URL just for testing the application or is it also recommended to be used as the public login URL?

@webdevilopers webdevilopers commented Jun 12, 2018

Thanks to @chalasr for supporting me on this.
The /api/login_check URL is not just for testing the application; it is the bundle's standard login endpoint and can be used in production.
