I've switched recently to Symfony 6.2 and want to use the newly introduces AccessTokenHandler for Bearer Authentication.
So all the cache is cleared after updating and I'm following the guide at https://symfony.com/doc/current/security/access_token.html.
This is part of my security.yaml:
security:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
access_token:
token_handler: App\Security\AccessTokenHandler
token_extractors: header
lazy: true
provider: app_user_provider
form_login:
login_path: app_login
check_path: app_login
logout:
path: app_logout
But when I make some requests to my page, it says
Unrecognized option "access_token" under "security.firewalls.main".
Available options are "access_denied_handler", "access_denied_url",
"context", "custom_authenticators", "entry_point", "form_login",
"form_login_ldap", "host", "http_basic", "http_basic_ldap",
"json_login", "json_login_ldap", "lazy", "login_link",
"login_throttling", "logout", "methods", "pattern", "provider",
"remember_me", "remote_user", "request_matcher", "required_badges",
"security", "stateless", "switch_user", "user_checker", "x509".
So this looks like the changes to symfony 6.2 are not working. Or am I missing something?
Related
Good afternoon. Please i'm using LexikJWTAuthenticationBundle in a symfony 4 api project. I'm using UserProvider for Doctrine.
After Configure Doctrine User Provider, I've install and configure LexikJWTAuthenticationBundle. But when i tried to athentificate using Postman on the url http://localhost:8000/api/login_check whith this JSON {"username":"ak",
"password":"ak"} I've this error: {
"code": 401,
"message": "Bad credentials"
}.
See below my Security.yaml config file. I've read forums to tried to solve this issue but i've not yet found the solution. Can you please help me?
security:
encoders:
App\Entity\Utilisateur:
algorithm: bcrypt
providers:
#in_memory: { memory: ~ }
our_db_provider:
entity:
class: App\Entity\Utilisateur
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
pattern: ^/
user_checker: App\Security\UtilisateurChecker
anonymous: true
provider: our_db_provider
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
Have you missed a piece of configuration during installation? I dont see the lexik one:
lexik_jwt_authentication:
secret_key: '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
public_key: '%kernel.project_dir%/config/jwt/public.pem' # required for token verification
pass_phrase: 'your_secret_passphrase' # required for token creation, usage of an environment variable is recommended
token_ttl: 3600
Good morning All. I've found the solution of my problem. In fact, i was typing a bad User Password.
To solve this article, i've used this article https://numa-bord.com/miniblog/symfony-4-les-base-dune-gestion-des-utilisateurs-inscription-connexion-droits-dacces/
I've created au database user by using create user command implemented in the article.
After i have been connected with this previous created user sucessfully. ApiPlatform generate a web tocken for me.
Thank you very much
Hi!
I am becoming mad with the following error, found into the prod log, with Facebook Login, by HWIOAuthBundle. I have never encountered this bug on our localhosts. It occurred (and continues to occur) several times on prod, sporadically. I tried to set verify_peer to false inside config.yml, put off ipv6 on the nginx server, etc. Nothing had solved this problem.
Here is the exact error :
[2017-09-05 17:48:16] request.CRITICAL: Uncaught PHP Exception
HWI\Bundle\OAuthBundle\OAuth\Exception\HttpTransportException:
"Error while sending HTTP request" at
/home/keywinf/htdocs/www/vendor/hwi/oauth-bundle/OAuth/ResourceOwner/AbstractResourceOwner.php line 255
{"exception":"[object] (HWI\\Bundle\\OAuthBundle\\OAuth\\Exception\\HttpTransportException(code: 28):
Error while sending HTTP request at /home/keywinf/htdocs/www/vendor/hwi/oauth-bundle/OAuth/ResourceOwner/AbstractResourceOwner.php:255, Buzz\\Exception\\RequestException(code: 28):
Connection timed out after 60000 milliseconds at /home/keywinf/htdocs/www/vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php:29)"} []
config.yml
hwi_oauth:
firewall_names: [main]
use_referer: true
fosub:
username_iterations: 30
properties:
facebook: facebookId
resource_owners:
facebook:
type: facebook
client_id: "%facebook_id%"
client_secret: "%facebook_secret%"
infos_url: 'https://graph.facebook.com/me?fields=id,name,first_name,last_name,picture.type(large),email,gender,birthday,location,age_range'
scope: "email,user_friends"
http_client:
timeout: 60
security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api:
pattern: ^/api/[a-z0-9](-[a-z0-9])+/
stateless: true
simple_preauth:
authenticator: api_key_authenticator
provider: api
main:
pattern: ^/
anonymous: true
provider: main
switch_user: true
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
success_handler: acme.security.authentication_handler
failure_handler: acme.security.authentication_handler
always_use_default_target_path: false
default_target_path: /
oauth:
resource_owners:
facebook: /login/check-facebook
login_path: /login
failure_path: /login
success_handler: acme.security.authentication_handler
always_use_default_target_path: false
default_target_path: /
oauth_user_provider:
service: dm.user_provider
logout:
path: fos_user_security_logout
target: /
remember_me:
secret: %secret%
If one knows what could be causing it.. Thank you very much
Ok, I got it, for anyone who have been encountering the same storm.
Be careful with ipv6 stuff on your server. PHP curl was trying to do its job through it, but the server was not ipv6-ready, and it eventually found it more cool to step back to ipv4 (but after a long time). My solution was to activate ipv6 completely (DNS, conf, etc.). You've plenty of useful (and short) examples for it on the web.
Have fun!
I am using authentication with guard in my application. I have 2 different way to login with 2 distinct guard authenticator.
my security looks like this :
firewalls:
login:
pattern: /(login|api.*)$
anonymous: ~
autolog:
pattern: /(autolog.*)$
anonymous: ~
guard:
authenticators:
- app.autolog_authenticator
main:
logout:
invalidate_session: true
path: /%locale%/logout
target: /%locale%/login
guard:
authenticators:
- app.token_authenticator
The token_authenticator works perfectly. But when I use autolog, the user is perfectly log with the autolog_authenticator, but then it goes in the token_authenticator that refuse the connection.
How can I tell the application to only use the autolog_authenticator and dont go to the token_authenticator?
this does not look optimal
pattern: /(login|api.*)$
try to protect your api area with token only
Have a look at this implementation example here https://github.com/knpuniversity/guard-presentation/blob/finished/app/config/security.yml
Another keyword you might need is entrypoint which defines, what authentication has a higher priority
I finally find how I can do.
I just used the same context for each guard. I use it like this
firewalls:
login:
pattern: /(login|api.*)$
anonymous: ~
autolog:
pattern: /(autolog.*)$
context : primary_auth
anonymous: ~
guard:
authenticators:
- app.autolog_authenticator
main:
context : primary_auth
logout:
invalidate_session: true
path: /%locale%/logout
target: /%locale%/login
guard:
authenticators:
- app.token_authenticator
I'm using ESI (Edge Side Includes) to speed up my page but every time that I want to check if the user is loged in or not I get this error:
AuthenticationCredentialsNotFoundException: The security context contains no authentication token. One possible reason may be that
there is no firewall configured for this URL.
In my config.yml file I have this:
**esi: true<br>
fragments: { path: /_proxy }<br>
trusted_proxies: [127.0.0.1]**
Does someone knows how to solve it? I already tried to set a firewall for the /_proxy urls but I think that this is not the solution.
These are my firewalls:
main:
pattern: ^/
form_login:
check_path: /user/login_check
login_path: /user/login
provider: chain_provider
failure_path: null
logout:
path: /user/logout
target: /
success_handler: logout_success_handler
invalidate_session: true
anonymous: ~
security: true
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
Thanks
I tried to update my vendor bundles in symfony2 using php composer.phar update, but when I did so I received an error after this line:
Updating the "app/config/parameters.yml" file
The error I get is:
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
The child node "key" at path "security.firewalls.main.remember_me" must be configured.
Script Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::clearCache handling the post-update-cmd event terminated with an exception
[RuntimeException]
An error occurred when executing the "'cache:clear --no-warmup'" command.
My security.yml file has the following in its firewall section:
firewalls:
main:
pattern: ^/
provider: fos_userbundle
form_login:
csrf_provider: form.csrf_provider
always_use_default_target_path: false
default_target_path: webplio_site_dashboard_index
#success_handler: webplio_site.login_success_handler
check_path: /login_check
login_path: /login
logout: true
remember_me: true
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
where secret is defined in my parameters.yml file
My question then is what else do I need to do in order to configure the child node "key" at path "security.firewalls.main.remember_me"?
You need to change from
remember_me:
key: "%secret%"
to
remember_me:
secret: "%secret%"
Move your remember_me: true to
form_login:
...
remember_me: true
Check the security-reference as to see why.
Change key to secret and it works