Comments (11)
Using api-platform, I had the same problem and had to declare a custom user provider in the gesdinet_jwt_refresh_token.yaml configuration file (had to create this file in /config/packages):
    user_provider: security.user.provider.concrete.<your provider defined in security.yaml>
Then it used my User's entity in the onJWTCreated event and not the default one, and I had access to my custom method (like getId()).
from jwtrefreshtokenbundle.
FWIW, I was also having an issue with the JWT generated after refresh. My issue was that on login, the JWT would contain the complete set of User roles, but on refresh, it wouldn't. The fix was simply to specify the user_provider in gesdinet config to be the same as the one used during initial authentication (in my case an fos_user.user_provider):
# gesdinet_jwt_refresh_token.yaml
gesdinet_jwt_refresh_token:
    user_provider: fos_user.user_provider.username_email
from jwtrefreshtokenbundle.
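A regression check for the symptom described in the comment above (roles present in the login JWT but missing after refresh), as an added example that is not part of the original thread or the bundle's code: it decodes the payloads of a login token and a refreshed token and reports claims that were dropped, added or changed. The sample tokens, the `username` and `id` claims and all function names are constructed for illustration; signatures are not verified, because the check only compares claims.

```python
import base64
import json

# Claims that legitimately differ between two tokens issued to the same user.
VOLATILE_CLAIMS = {"iat", "exp", "nbf", "jti"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build a constructed sample token (dummy signature, test input only)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(b'constructed-signature')}"

def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def claim_drift(login_token: str, refreshed_token: str) -> dict:
    """Report claims lost, added or changed by the refresh endpoint."""
    before, after = jwt_claims(login_token), jwt_claims(refreshed_token)
    keys = (before.keys() | after.keys()) - VOLATILE_CLAIMS
    drift = {"missing": [], "added": [], "changed": {}, "roles_lost": []}
    for key in sorted(keys):
        if key not in after:
            drift["missing"].append(key)
        elif key not in before:
            drift["added"].append(key)
        elif before[key] != after[key]:
            drift["changed"][key] = (before[key], after[key])
    lost = set(before.get("roles") or []) - set(after.get("roles") or [])
    drift["roles_lost"] = sorted(lost)
    return drift

# Constructed sample: the symptom from the thread (fewer roles, custom id claim gone).
LOGIN = make_token({"iat": 1, "exp": 3601, "username": "alice", "id": 7,
                    "roles": ["ROLE_ADMIN", "ROLE_USER"]})
REFRESHED = make_token({"iat": 900, "exp": 4500, "username": "alice",
                        "roles": ["ROLE_USER"]})

if __name__ == "__main__":
    print(json.dumps(claim_drift(LOGIN, REFRESHED), indent=2))
```

Run it against a token pair captured from your own login and refresh endpoints in a test environment. An empty report means the refresh path resolves the same user data as login.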
@wittyweb You saved me there! Thanks!
from jwtrefreshtokenbundle.
I have the same problem as you. How did you handle it @nicraMarcin? This issue still exists. Did you use another bundle or customize this one?
from jwtrefreshtokenbundle.
@thecassion I created my own custom refresh controller
<?php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use FOS\RestBundle\Controller\Annotations as Rest;

class TokenController extends Controller
{
    /**
     * @Rest\Get("/api/token/refresh")
     */
    public function indexAction()
    {
        // Issue a fresh JWT for the user authenticated by the current, still valid token.
        $jwtManager = $this->container->get('lexik_jwt_authentication.jwt_manager');
        $token = $jwtManager->create($this->getUser());

        return ['token' => $token];
    }
}
Now in the frontend, before the token expires, I make a request to this route.
To do: check if the user is still enabled.
from jwtrefreshtokenbundle.
Ok. Thanks @nicraMarcin, I understand. For me, I don't use FOSRestBundle. I only use Api-platform. I will try to refresh the token with my own logic like you do. Thanks again.
from jwtrefreshtokenbundle.
I use this with Api Platform and it works. I use another Event I think:
use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
use MWS\UserBundle\Model\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class JWTAuthenticatedListener
{
    /**
     * @var TokenStorageInterface
     */
    private $tokenStorage;

    /**
     * @param TokenStorageInterface $tokenStorage
     */
    public function __construct(TokenStorageInterface $tokenStorage)
    {
        $this->tokenStorage = $tokenStorage;
    }

    /**
     * @param AuthenticationSuccessEvent $event
     * @return void
     */
    public function onAuthenticationSuccessResponse(AuthenticationSuccessEvent $event)
    {
        $user = $event->getUser();
        if (!$user instanceof UserInterface) {
            return;
        }

        $data = $event->getData();
        $data['id'] = $user->getId();
        $event->setData($data);
    }
}
This does not encrypt the payload in the token but sends the data with it. Encrypting additional data in the token wasn't possible.
Don't forget to give the listener a lower priority. The solution I found that helped me was this: #67
from jwtrefreshtokenbundle.
@jspizziri This should be in the docs! Thanks!
from jwtrefreshtokenbundle.
FWIW, I was also having an issue with the JWT generated after refresh. My issue was that on login, the JWT would contain the complete set of User roles, but on refresh, it wouldn't. The fix was simply to specify the user_provider in gesdinet config to be the same as the one used during initial authentication (in my case an fos_user.user_provider):
Hello, I have the same issue but I'm not using a custom provider; can you help me please? I'mmmm so stuck :')
from jwtrefreshtokenbundle.
@steveKac01 I haven't used Symfony in several years. Good luck!
from jwtrefreshtokenbundle.
@jspizziri @steveKac01 this is my first participation, I hope to help you 😉
JWTRefreshTokenBundle <== it works for me
# config/packages/security.yaml
security:
    providers:
        app_user_provider: # the provider I use for the refresh token
            entity:
                class: App\Entity\User
                property: username
        jwt:
            lexik_jwt:
                class: App\Security\UserAuthenticate
    firewalls:
        dev:
            pattern: ^/_(profiler|wdt)
            security: false
        login:
            # some config
        api:
            pattern: ^/api/
            stateless: true
            entry_point: jwt
            provider: jwt
            jwt: ~
            refresh_jwt:
                check_path: /api/token/refresh
                provider: app_user_provider # the user's provider must be declared here

# config/packages/gesdinet_jwt_refresh_token.yaml (automatically created by the JWTRefreshTokenBundle recipe)
gesdinet_jwt_refresh_token:
    refresh_token_class: App\Entity\RefreshToken
from jwtrefreshtokenbundle.