JWT Token not found 401 error when trying to access my api plateform?

Question

I am facing a small problem I don't really know how to fix, I tried some solutions that I will mention later but still got nothing, it is an authentication problem, when trying to make my User authenticate.

Well I have a User entity like this :

<?php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use Doctrine\ORM\Mapping as ORM;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Symfony\Component\Serializer\Annotation\Groups;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ApiResource(normalizationContext={"groups"={"read"}})
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
class User implements UserInterface {
    /**
     * @ORM\Id()
     * @ORM\GeneratedValue()
     * @ORM\Column(type="integer")
     * @Groups({"read"})
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=255)
     * @Groups({"read"})
     */
    private $username;

    /**
     * @ORM\Column(type="string", length=255)
     * @Groups({"read"})
     */
    private $email;

    /**
     * @ORM\Column(type="string", length=255)
     */
    private $password;

    /**
     * @ORM\OneToMany(targetEntity="App\Entity\Post", mappedBy="user")
     * @Groups({"read"})
     */
    private $posts;

    public function __construct(){
        $this->posts = new ArrayCollection();
    }

    public function getId(): ?int
    {
        return $this->id;
    }

    public function getUsername(): ?string
    {
        return $this->name;
    }

    public function setUsername(string $name): self
    {
        $this->name = $name;

        return $this;
    }

    public function getEmail(): ?string
    {
        return $this->email;
    }

    public function setEmail(string $email): self
    {
        $this->email = $email;

        return $this;
    }

    public function getPassword(): ?string
    {
        return $this->password;
    }

    public function setPassword(string $password): self
    {
        $this->password = $password;

        return $this;
    }

    public function getRoles(){

    }

    public function getSalt(){

    }


    public function eraseCredentials(){

    }

    public function getPosts(): Collection
    {
        return $this->posts;
    }
}

And here is my security.yaml file :

security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        #in_memory: { memory: ~ }
        database: 
            entity: 
                class: App\Entity\User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern: ^/api
            stateless: true
            anonymous: true
            json_login: 
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            guard: 
                authenticators: 
                    - lexik_jwt_authentication.jwt_token_authenticator

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

So I did this exactly like mentionned in the course but still get this 401 error, so I tried to make some changes on some files, it was proposed by others who faced same issue, I tried to add this lines in my .htaccess file :

 # Sets the HTTP_AUTHORIZATION header removed by Apache
RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

But still getting the same error, so I was willing to try an other solution mentionned here, but I am on Windows not linux so the answer does not match my needs.

I am stuck for almost a day, I need help people, any help would be much appreciated.

Answer 1

If your problem is in production, it's maybe due to Apache Autorisation, check the answer here : https://stackoverflow.com/a/70787257/3556984

Answer 2

I had a similar issue and fixed it like this:

security:
  firewalls:
    api:
      pattern: ^/login_check
      json_login: 
        check_path: /login_check

  access_control:
    - { path: ^/api/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY 

This is somewhat discussed on LexikJWTAuthenticationBundle GitHub issues board: here