Daniel

Reputation: 87

LexikJWTAuthenticationBundle | JwtToken is working but Authentication says "Full authentication is required to access this resource."

My token login works fine, but if I try to check whether I am fully logged in via my route:

UserController.php

/**
 * @Route("/auth/me", name="userIsAuthenticated")
 */
public function authenticated()
{
    return new Response(':-)', Response::HTTP_OK);
}

it just shows

Symfony\Component\HttpKernel\Exception\HttpException: Full authentication is required to access this resource.

I found out that in the stack trace only "symfony\security-http\Firewall" appears and nothing from Lexik?

I also tried jwt.io to check if the token works, and it works; it's all valid.

security.yaml

security:
    encoders:
        App\Entity\User:
            algorithm: auto

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false


        login:
            pattern:  ^/auth
            stateless: true
            anonymous: true
            json_login:
                check_path:               /auth
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure


        api:
            pattern:   ^/
            stateless: true
            provider: app_user_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:
         - { path: ^/auth/me, roles: IS_AUTHENTICATED_FULLY }

Upvotes: 2

Views: 2457

Answers (1)

Daniel

Reputation: 87

The issue was that my /auth/me route was going to use the /auth firewall. The /auth firewall has no lexik authenticator in the configuration.

I just needed to change ^/auth to ^/auth$ and all is fine.

The $ sign prevents the firewall from working for everything like

/auth/me
/auth/example
/auth/anotherexample
...

It only uses the exact match /auth route :-)

Upvotes: 4
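
The first-match firewall selection described in the answer, as an added example that is not part of the original post and is not Symfony's or the bundle's own code. The helper name `matchFirewall` is hypothetical, and the paths `/authors` and `/api/items` are constructed sample input.

```php
<?php
// Added example (not Symfony's or the bundle's code): the first firewall
// whose pattern matches the request path handles the request.

/** Hypothetical helper: name of the first firewall matching $path. */
function matchFirewall(array $firewalls, string $path): ?string
{
    foreach ($firewalls as $name => $pattern) {
        // Unanchored regex search, as Symfony's path matching does.
        if (preg_match('{' . $pattern . '}', rawurldecode($path)) === 1) {
            return $name;
        }
    }
    return null; // no firewall covers this path
}

// Patterns from the question's security.yaml, in declaration order.
$before = [
    'dev'   => '^/(_(profiler|wdt)|css|images|js)/',
    'login' => '^/auth',
    'api'   => '^/',
];
// Same map with the answer's fix; array_replace keeps the original order.
$after = array_replace($before, ['login' => '^/auth$']);

// Only the "api" firewall lists the Lexik JWT authenticator.
$jwtFirewalls = ['api'];

// /auth and /auth/me come from the page; the other paths are constructed.
$paths = ['/auth', '/auth/me', '/auth/example', '/authors', '/api/items'];

printf("%-14s %-20s %s\n", 'path', '^/auth', '^/auth$');
foreach ($paths as $path) {
    $cells = [];
    foreach ([$before, $after] as $map) {
        $fw = matchFirewall($map, $path);
        $jwt = in_array($fw, $jwtFirewalls, true) ? 'JWT checked' : 'no JWT';
        $cells[] = sprintf('%s (%s)', $fw ?? 'none', $jwt);
    }
    printf("%-14s %-20s %s\n", $path, $cells[0], $cells[1]);
}
```

With `^/auth`, both `/auth/me` and the unrelated `/authors` land on the `login` firewall, which has no JWT authenticator; with `^/auth$`, only `/auth` does and the rest fall through to `api`.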
