Hey! Thanks for that wonderful tutorial :D! If anyone has trouble with Postman when testing api/login_check, use the "raw" format instead of "form-data". It worked for me!
@OverSeasMedia 5 years ago
Goddamn it, where were you when I was trying to use Postman? Lol. Thanks man. I will pin this for anyone using Postman. Cheers mate :)
@arbitruVAR 4 years ago
I resolved this issue by changing the firewalls property in security.yaml from data_login to json_login.
@scorpioniz 3 years ago
wanted to write the same :D
@Mr8perezm 4 years ago
This video you created was super useful. I've been trying to lock down an API in Symfony for weeks now. Your vid allowed me to actually complete the task and hopefully please the boss. Thanks, keep making them.
@OverSeasMedia 4 years ago
Aye mate, you're really welcome. If you ever get stuck and need help directly, please let me know. I know what it's like to be stuck and frustrated by a deadline, and I'm willing to help when possible :)) Cheers :))
@customphpdesign 3 years ago
Thank you!!! After getting the token it's just like dealing with a user who is logged in. You can check and restrict roles as normal. Was looking for an easy to use API for Symfony 5 and this works great!
@davidramentol4877 3 years ago
Just to clarify: OAuth2 and JWT are not exclusive, the first one is an authorization standard and the second one is a token standard. You would usually use both together.
@tark6392 5 years ago
Thank you so much! Newbie for symfony. My question is how did you get the hash password? Or how to create superadmin password? Thank you!
@OverSeasMedia 5 years ago
You're most welcome. The password can be generated using a command: just type php bin/console security: encode-password and enter your plain text password, and it will give you back the hashed password. Then just enter it in the database manually :)
@AinUlHUniverse 2 years ago
@@OverSeasMedia make sure to remove the space between "security:" and "encode-password".
@stefankosev5357 5 years ago
Brilliant video. I don't think it can be explained better. Thank you!
@OverSeasMedia 5 years ago
Thank you man, I really appreciate the great feedback. Cheers :)
@beycandeveloper 3 years ago
Hello, my problem => Unable to find the controller for path "/login_check". The route is wrongly configured.
@nurimustafa3817 5 years ago
I got the error Unable to find the controller for path "/api/login_check" because I tried to post using Postman with content type x-www-form-urlencoded. In Postman, when you select the Body type as RAW, it lets you set the data type to JSON; then you enter your data as JSON. Doing this will fix the controller error.
@OverSeasMedia 5 years ago
Yes, that is indeed the case. You need to make sure the content type is of type json, otherwise the authentication bundle won't know how to deal with your request. Cheers and thank you for sharing this with us :)
@mani874247 5 years ago
Nice tutorial. Please, how can I generate the password hash, so I can follow with the rest of the material?
@OverSeasMedia 5 years ago
There is a command that helps you generate the hash, it's php bin/console security:encode-password
@_danisson 4 years ago
When I get the token and try to insert the token in the header authorization bearer I get 401 token not found.
@dahlizahmed4779 4 years ago
Hi, thanks for the video! I have a question: can you make the time of the token unlimited?
@sebastiendaireaux2794 4 years ago
Hi, I know this video was made a year ago. I have a question: is it possible to customize the response? I would like to have something like this in the response: {"token": "blablabla", "user":"myUserName", "role":"myRole"}
@Furkan-mw7kw 4 years ago
+1
@OverSeasMedia 4 years ago
Sorry, just got a notification about this. I can't remember exactly whether you can pass the extra data the way you did, or whether you'd need to add any additional data into the payload (the token) itself and then read the data from the token. It's one of those things I just can't remember exactly, sorry. xD
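An added example, not from the video or from the bundle's author: one way to get a response like the one asked about in this thread is to subscribe to LexikJWTAuthenticationBundle's authentication-success event, and to its JWT-created event for data that should live in the token payload. The class name, file path and the getId() call on the user entity are assumptions; getUsername() assumes the Symfony 4/5 UserInterface used in these comments.

```php
<?php
// src/EventSubscriber/JwtResponseSubscriber.php (hypothetical path and class name)

namespace App\EventSubscriber;

use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\User\UserInterface;

final class JwtResponseSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        return [
            Events::AUTHENTICATION_SUCCESS => 'onAuthenticationSuccess',
            Events::JWT_CREATED => 'onJwtCreated',
        ];
    }

    // Runs after the credentials were accepted: extends the JSON body that
    // /api/login_check returns, which by default is only {"token": "..."}.
    public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void
    {
        $user = $event->getUser();
        if (!$user instanceof UserInterface) {
            return;
        }

        $data = $event->getData();
        $data['user'] = $user->getUsername();
        $data['roles'] = $user->getRoles();
        $event->setData($data);
    }

    // Runs while the token is built: adds a claim to the signed payload.
    // The payload is signed, not encrypted, so anyone holding the token can
    // read it. Keep passwords, hashes and other secrets out of it.
    public function onJwtCreated(JWTCreatedEvent $event): void
    {
        $user = $event->getUser();
        $payload = $event->getData();
        // getId() is an assumption about the application's User entity.
        if (method_exists($user, 'getId')) {
            $payload['uid'] = $user->getId();
        }
        $event->setData($payload);
    }
}
```

With autoconfigure enabled (the default services.yaml in Symfony 4 and 5) the subscriber is registered automatically. The extra response fields are a convenience for the client; the API still has to authorize from the verified token, not from values the client sends back.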
@AnaisUrlichs 5 years ago
When I try to register the token with $ curl -X POST -H "Content-Type: application/json" localhost:8000/api/login_check -d '{"username":"username","password":"password"}' I always get {"code":401,"message":"Bad credentials"} (I placed the information of the registered user in the database; for username -- the email, and for password -- the password); any ideas?
@OverSeasMedia 5 years ago
Hey again, I know this might sound stupid, but make sure that your MySQL server or whatever you're using is up and working (check yourself for that). Also make sure that the information that you have in the database is correct, specifically the password. If you have a registration page then that would be fine; if not, then you can manually encode the password by using the following command: "security:encode-password". If none of the above actually helped, let me know. Good luck :)
@AnaisUrlichs 5 years ago
@@OverSeasMedia Thank you for the reply. This might be interesting for others, too. I configured everything right (used XAMPP & phpMyAdmin) etc. I was able to set up the user via curl but always got errors when I wanted to generate the token, or an empty array; also Postman only returned an empty array instead of the token. In the end, I was able to read the token in the header on Postman. Thanks for the help tho -- your videos are awesome!
@nurimustafa3817 5 years ago
Hi, how can I get the authenticated user in a Controller?
@OverSeasMedia 5 years ago
You can use $this->getUser(). If no user is authenticated then this will return null.
@MegaJuandelgado 4 years ago
Hello and thanks... I have a question: how can I customize the user query, for example, to check whether the user is active? Where can you customize that query?
@ivramuito 4 years ago
Where do I install openssl?
@richardgonzalez1191 3 years ago
I am getting the token perfectly, but I also need to get the time that the token lasts
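An added example, not part of the comment above or of the tutorial: the expiry time travels inside the token itself as the exp claim, so a client can read how long the token lasts by decoding the payload. The token below is constructed for the demo (made-up claims, placeholder signature) and the function names are hypothetical.

```php
<?php
// Reads timing claims from a JWT payload. Inspection only: the signature is
// NOT verified here, so never use this to decide whether to trust a token.

function base64UrlDecode(string $part): string
{
    $b64 = strtr($part, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $raw;
}

function base64UrlEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function jwtTiming(string $jwt, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Expected header.payload.signature');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($claims) || !isset($claims['exp']) || !is_int($claims['exp'])) {
        throw new InvalidArgumentException('Payload has no integer exp claim');
    }
    $iat = isset($claims['iat']) && is_int($claims['iat']) ? $claims['iat'] : null;

    return [
        'expires_at'       => gmdate('Y-m-d\TH:i:s\Z', $claims['exp']),
        'lifetime_seconds' => $iat === null ? null : $claims['exp'] - $iat,
        'seconds_left'     => max(0, $claims['exp'] - $now),
        'expired'          => $claims['exp'] <= $now,
    ];
}

// Constructed sample token: made-up claims, placeholder signature.
$header  = base64UrlEncode(json_encode(['typ' => 'JWT', 'alg' => 'RS256']));
$payload = base64UrlEncode(json_encode([
    'iat' => 1586272773, 'exp' => 1586276373,
    'roles' => ['ROLE_USER'], 'username' => 'test',
]));
$token = $header . '.' . $payload . '.' . base64UrlEncode('not-a-real-signature');

print_r(jwtTiming($token, 1586273000));
```

Because the payload is readable by anyone who holds the token, the decoded values are informational; the server decides validity by checking the signature and exp on every request.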
@jonatham1 4 years ago
Thanks, you are the master of Symfony.
@adamyoussef6880 3 years ago
Hi, I've got a certainly stupid question. Is the check_path that is used (that is "/login/api_check") a random one or is it required by the lexik bundle? Is there a /login/api_check route assigned to some controller somewhere in the project that handles the check?
@joshualim5587 3 years ago
Same question bro, did you already get an answer for that?
@farhanisrak8688 3 years ago
Did you find any solution for this?
@unnikrishnanadoor 4 years ago
How did you make everything black in Chrome?
@OverSeasMedia 4 years ago
I think it was an extension called stylus or something like that
@Hitienne 5 years ago
Hello! Good job, nice tuto. Which command should I use in cmd windows to generate an Argon2i key? It was written in the comments yesterday but it does not appear in the comments any more
@OverSeasMedia 5 years ago
It's php bin/console security:encode-password
@Hitienne 5 years ago
@@OverSeasMedia Thanks!
@OverSeasMedia 5 years ago
You're welcome :)
@diebeziehung1278 a year ago
Once again top video, but I have a problem: when I send a curl request I receive: syntax error, unexpected identifier "Encoder", expecting variable (500 Internal Server Error) --> Can anyone help me?
@alexandresolane5531 4 years ago
Hello! I'm French. You explain the different steps very well, but I have an issue: when I try to curl POST, I get a 404 error. I'm on Ubuntu with a website project split into 2 folders, API & Website. Do you know which path I have to input in the curl command please?
@OverSeasMedia 4 years ago
The command does not need to be executed in any folder, it's a good command in Ubuntu. If you have it installed and in the environment path then you can run it from anywhere
@alexandresolane5531 4 years ago
@@OverSeasMedia Ok thank you, so if my API is in /Folder1/Folder2 I can run localhost:port/api/function :)
@OverSeasMedia 4 years ago
Yeah, just need to see how the urls are set up. Run the debug:router to see what commands you have available :)
@alexandresolane5531 4 years ago
@@OverSeasMedia thank you so much, it works now. I will continue your tutorial
@johngord752 5 years ago
Thanks for the video. This sort of info is hard to find for some reason. You would think that something as common as API authentication or even just authentication in general would be better documented. The API-Platform documentation on this has their own way of doing it, insisting on using docker for everything, and leaving out important parts.
@alamarnissi529 5 years ago
Thanks bro for this awesome tuto
@OverSeasMedia 5 years ago
When that sort of thing happens, the first thing you need to do is make sure that in your security.yaml file the global pattern is the last thing in the list. If you have API/login and API/, then make sure the login thing is before the API/, just as a first step.
@alamarnissi529 5 years ago
@@OverSeasMedia Yes, I'm doing it right but still have the problem :(
@tatyvakulenko 5 years ago
I have this error: Not configuring explicitly the provider for the "json_login" listener on "login" firewall is ambiguous as there is more than one registered provider.
@OverSeasMedia 5 years ago
Can you please post your security file's contents? And how are you trying to access the login link?
The configuration seems ok. Can you please tell me how you are trying to access this url? How are you testing it?
@tatyvakulenko 5 years ago
@@OverSeasMedia it works with this security.yml:

security:
    encoders:
        App\Entity\User:
            algorithm: 'auto'

    # symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory:
                users:
                    user:
                        password: 'user-test'
                        roles: 'ROLE_USER'
                    admin:
                        password: 'admin-test'
                        roles: 'ROLE_ADMIN'
        my_own_provider:
            entity:
                class: App\Entity\User
                property: username
                # if you're using multiple entity managers
                # manager_name: customer
        # BEFORE
        # in_memory: { memory: ~ }
        # users:
        #     entity:
        #         class: App\Entity\User
        #         property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            provider: my_own_provider
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        api:
            pattern: ^/api
            stateless: true
            provider: my_own_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        main:
            anonymous: true
            logout:
                path: /logout
                target: /
                invalidate_session: true
            # provider:
            #     entity:
            #         class: App\Entity\User
            #         property: email, username
            # activate different ways to authenticate
            # symfony.com/doc/current/security.html#firewalls-authentication
            # symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
@tatyvakulenko 5 years ago
We can discuss it via Skype (nick - evaeva927)
@fobtasz4693 5 years ago
This is brilliant! Great work! Thank you
@OverSeasMedia 5 years ago
Thank you mate, I appreciate the nice comment :) Cheers :)
@pranansubba9587 3 years ago
Thank you brother for this video. I think I've been revisiting this video since Symfony 4. Currently in Symfony 5.3 I'm implementing JWT, but it gets stuck while generating the key. In Symfony 4 it worked, but in S5.3 it gets stuck forever at some dotted line, idk, but I guess.
@abirgarma606 4 years ago
Hey, I'm still getting "code":401,"message":"Authentication request could not be processed due to a system problem.", anyone else in the same situation? Help me
@MegaJuandelgado 4 years ago
providers:
    # used to reload user from session & other features (e.g. switch_user)
    app_user_provider:
        entity:
            class: App\Entity\User
            property: email
@abirgarma606 4 years ago
@@MegaJuandelgado I have already done this, still not working
@amastou4634 4 years ago
You can get more info about your error in the log file. Go to the var folder at the root of your project, enter log inside it and open dev.log. If you don't have it, first run: composer require symfony/monolog-bundle. I found my error by using that
@abirgarma606 4 years ago
@@amastou4634 Now I have a token, but I have this:
[2020-04-07 15:19:33] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2020-04-07 15:19:33] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\AccessListener.php:91)"} []
[2020-04-07 15:19:33] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\HttpException: "Full authentication is required to access this resource." at C:\laragon\www\projet\vendor\symfony\security-http\Firewall\ExceptionListener.php line 194 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\HttpException(code: 0): Full authentication is required to access this resource. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\ExceptionListener.php:194, Symfony\\Component\\Security\\Core\\Exception\\InsufficientAuthenticationException(code: 0): Full authentication is required to access this resource. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\ExceptionListener.php:146, Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\AccessListener.php:91)"} []
@raphaelcolboc2505 4 years ago
Very complete tutorial! Thank you so much, works like a charm!
@1050king 5 years ago
I followed your tutorial from the beginning and I'm working with Postman, not the curl command, but it always gives me bad credentials. If you can help me, or drop your project so I can download it and try it, because it's insane: I restarted your tutorial a few times and it still gives me bad credentials. I really need your help man
@OverSeasMedia 5 years ago
Did you try what the pinned comment says? It says that you need to use the raw format instead of "form-data". If that doesn't help, the github project in the description contains a working authentication system; you can clone it and try it out. If neither of those two works, let me know so that we can investigate this further.
@1050king 5 years ago
@@OverSeasMedia actually there isn't a link in the video description
@OverSeasMedia 5 years ago
It's this one: github.com/konshensx16/symfony-todo-backend
@1050king 5 years ago
@@OverSeasMedia I found it, the problem was the password I entered. I used bcrypt with the $2y$13, but when I changed to $2y$10 it worked fine. I still don't know why, or how I can figure out the rounds for the hash
@OverSeasMedia 5 years ago
@@1050king Did you use the command php bin/console security:encode-password to hash the password? Or some other website?
@arbitruVAR 4 years ago
Thanks for this tutorial! Great work!
@user17940 5 years ago
I have a Bad credentials problem. After understanding, after 2 hours, that I had to read the comments and encode the password in the DB (argon is not supported, by the way), it still doesn't work. Can you help me?
@OverSeasMedia 5 years ago
Can you tell me how you encoded the password? Did you use the security:password-encode command or just do it manually?
@user17940 5 years ago
@@OverSeasMedia I use security:encode-password. I'm using Postman, my JSON is {"username":"test","password":"test"} sent as raw JSON, returning 401 Bad credential
@user17940 5 years ago
I'm creating my user directly in the DB using phpMyAdmin.
@OverSeasMedia 5 years ago
Hello again Evan, can you please give me your email or send me an email? I need your help to make a troubleshooting guide for this specific problem since I get asked this question a lot. I would appreciate it if you could provide some more info on your environment and the code you have :)
@LionelKimbs 4 years ago
If you write your data directly into the DB, use "plaintext" as the encoder.
@LibertadIndependientePrivada 4 years ago
Thank you very much, you saved my job.
@amastou4634 4 years ago
For those who are using Postman, this link could be helpful to know how to enter your token in order to access the api/lists path: learning.postman.com/docs/postman/sending-api-requests/authorization/#bearer-token
@matheusvieira1873 5 years ago
I'm still getting "Bad Credentials", anyone else in the same situation?
@OverSeasMedia 5 years ago
Can you please post your log file? It might contain helpful information
@matheusvieira1873 5 years ago
@@OverSeasMedia I already found the problem, thank you for answering my question. Your videos are helping to create my new project, thanks!
@1050king 5 years ago
@@matheusvieira1873 can you share the solution with us? Maybe it can help me or others, because I'm having the same problem
@matheusvieira1873 5 years ago
@@1050king I was using PostgreSQL and I forgot to define the schema of the user entity.
@matheusvieira1873 5 years ago
@Guilherme Rodrigo Teche I can't find your comment.
@yoandespert9936 5 years ago
Thanks a lot for this help!
@OverSeasMedia 5 years ago
You're most welcome mate :)
@abdallahabdedaiem51 4 years ago
Hey guys! This is what I get when I try to post credentials:
An error occurred while trying to encode the JWT token. Please verify your configuration (private key\/passphrase)