11 - Symfony 4 REST: JWT API Authentication

  Рет қаралды 45,398

OverSeas Media

OverSeas Media

Күн бұрын

Пікірлер: 105
@MrYousip
@MrYousip 5 жыл бұрын
Hey ! Thank's for that wonderfull tutorial :D ! If anyone have trouble with postman to test the api/login_check use "raw" format instead of "form-data" it worked for me !
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Goddamn it where were when I was trying to use postman . Lol . Thanks man . I will pin this for anyone using postman . Cheers mate :)
@arbitruVAR
@arbitruVAR 4 жыл бұрын
I resolve this issue with change tha security.yaml at he firewalls proparty from data_login to json_login.
@scorpioniz
@scorpioniz 3 жыл бұрын
wanted to write the same :D
@Mr8perezm
@Mr8perezm 4 жыл бұрын
This video you created was super useful. I've been trying to lock down an API in Symfony for weeks now. Your vid allowed me to actually complete the task and hopefully please the boss. Thanks, keep making them.
@OverSeasMedia
@OverSeasMedia 4 жыл бұрын
Aye mate you're really welcome, of you ever get stuck and need help directly please let me know, I know what is like to be stuck and frustrated by a deadline and I'm willing to help when possible :)) Cheers :))
@customphpdesign
@customphpdesign 3 жыл бұрын
Thank you!!! After getting the token its just like dealing with a user who is logged in. You can check and restrict roles as normal. Was looking for a easy to use API for Symfony 5 and this works great!
@davidramentol4877
@davidramentol4877 3 жыл бұрын
Just to clarify: OAuth2 and JWT are not exclusive, the first one is an authorization standard and the second one is token standard. You would usually use both together.
@tark6392
@tark6392 5 жыл бұрын
Thank you so much! Newbie for symfony. My question is how did you get the hash password? Or how to create superadmin password? Thank you!
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
You're most welcome, the password can be generated using a command, just type php bin/console security: encode-password and enter your pain text password and it will give you back the hashed password, and just enter it in the database manually :)
@AinUlHUniverse
@AinUlHUniverse 2 жыл бұрын
@@OverSeasMedia make sure to remove space between "security:" and "encode-password".
@stefankosev5357
@stefankosev5357 5 жыл бұрын
Brilliant video. I don't think it can be explained better. Thank you!
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Thank you man I really appreciate the great feedback. Cheers :)
@beycandeveloper
@beycandeveloper 3 жыл бұрын
Hello my problem => Unable to find the controller for path "/login_check". The route is wrongly configured.
@nurimustafa3817
@nurimustafa3817 5 жыл бұрын
I got error Unable to find the controller for path "/api/login_check" because I tried to post using Postman with content type x-www-form-urlencoded. In Postman when you select Body type as RAW type, it gives you selection to set data type as JSON, then you enter you data as JSON. Doing this will fix controller error
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Yes that is indeed the case . You need to make sure the content type is of type json otherwise the authentication bundle won't know how to deal with your request . Cheers and thank you for sharing this with us :)
@mani874247
@mani874247 5 жыл бұрын
Nice tutorial. Please, how I can generate the password hash, so I can fellow with the rest of the material ?
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
There is a command that helps you generate the hash it's php bin/console security: encode-password
@_danisson
@_danisson 4 жыл бұрын
When i get token and try to insert the token in the header authorization bearer i got 401 token not found .
@dahlizahmed4779
@dahlizahmed4779 4 жыл бұрын
Hi, Thanks for the video ! I have question and is : can you make the time of the token unlimited ?
@sebastiendaireaux2794
@sebastiendaireaux2794 4 жыл бұрын
Hie, I know this video was done there is one years I have a question, is it possible to customize the response... I would like to have something in response like this : {"token": "blablabla", "user":"myUserName", "role":"myRole"}
@Furkan-mw7kw
@Furkan-mw7kw 4 жыл бұрын
+1
@OverSeasMedia
@OverSeasMedia 4 жыл бұрын
Sorry just got a notification about this, I can't remember exactly whether you can pass the extra data the way you did, or you'd need to add any additional data into the payload (the token) it self and then read the data from the token, it's one of those things I just can't remember exactly, sorry. xD
@AnaisUrlichs
@AnaisUrlichs 5 жыл бұрын
When I try to register the token with $ curl -X POST -H "Content-Type: application/json" localhost:8000/api/login_check -d '{"username":"username","password":"password"}' I alway get{"code":401,"message":"Bad credentials"} (I placed the information of the registered user in the database; for username -- the email, and for password -- the password); any ideas?
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Hey again, I know this might sound stupid, but make sure that your MySQL server or whatever you're using is up and working (Check yourself for that), also make sure that the information that you have in the database is correct, specifically the password, if you have a registration page then that would be fine, if not then you can manually encode the password by using the following command "security:encode-password". If none of the above actually helped let me know, Good luck :)
@AnaisUrlichs
@AnaisUrlichs 5 жыл бұрын
@@OverSeasMedia Thank you for the reply. This might be interesting for others, too. I configured everything right (used XAMPP & phpMyAdmin) etc. I was able to set up the user via curl but always got errors when I wanted to generate the token, or an empty array; also Postman only returnerd an empty array instead of the token. In the end, I was able to read the token in the header on Postman. Thanks for the help tho -- your videos are awesome!
@nurimustafa3817
@nurimustafa3817 5 жыл бұрын
Hi, how can I get authenticated user in a Controller?
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
You can use $this->getUser() . If no user is authenticated then this will return null .
@MegaJuandelgado
@MegaJuandelgado 4 жыл бұрын
Hola y gracias ... Tengo una pregunta, ¿cómo puedo personalizar la consulta del usuario, por ejemplo, verificar si el usuario está activo?, where you can customize that query?
@ivramuito
@ivramuito 4 жыл бұрын
where do i install openssl?
@richardgonzalez1191
@richardgonzalez1191 3 жыл бұрын
I am getting the token perfectly, but I also need to get the time that the token lasts
@jonatham1
@jonatham1 4 жыл бұрын
Thanks, you are the master of Symfony.
@adamyoussef6880
@adamyoussef6880 3 жыл бұрын
Hi, I've got a certainly stupid question. Is check_path that is used (that is "/login/api_check") a random one or it is required by lexik bundle? Is there a /login/api_check route assigned to some controller somewhere in the project that handles the check?
@joshualim5587
@joshualim5587 3 жыл бұрын
same question bro, did you already got an answer for that?
@farhanisrak8688
@farhanisrak8688 3 жыл бұрын
Did you find any solution for this?
@unnikrishnanadoor
@unnikrishnanadoor 4 жыл бұрын
how you made everything black in chrome?
@OverSeasMedia
@OverSeasMedia 4 жыл бұрын
I think it was an extension called stylus or something like that
@Hitienne
@Hitienne 5 жыл бұрын
Hello ! Good Job, Nice Tuto. Which command should I use in cmd windows to generate an Argon2i Key? It was written in comments yesterday but it does not appear in the comments any more
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
It's php bin/console security:encode-password
@Hitienne
@Hitienne 5 жыл бұрын
@@OverSeasMedia Merci !
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Je t'en prie :)
@diebeziehung1278
@diebeziehung1278 Жыл бұрын
Once again top video, but i have a problem when i send a curl request i recive: syntax error, unexpected identifier "Encoder", expecting variable (500 Internal Server Error) --> Can anyone help me?
@alexandresolane5531
@alexandresolane5531 4 жыл бұрын
Hello ! I'm french you explain very well different steps, but I have got an issue when i try to curl POST, i 've got a 404 error. I'm on ubuntu with a website projetct split in 2 folder API & Website, do you know which path i have to input in curl command please ?
@OverSeasMedia
@OverSeasMedia 4 жыл бұрын
The command does not need to be executed in any folder it's a good command in Ubuntu, if you have it installed and in the environment path them you can run it from anywhere
@alexandresolane5531
@alexandresolane5531 4 жыл бұрын
@@OverSeasMedia Ok thank you so if my API is in /Folder1/Folder2 i can run localhost:port/api/function :)
@OverSeasMedia
@OverSeasMedia 4 жыл бұрын
Yeah just need to see how the urls are setup , run the debug:router to see what commands you have available :)
@alexandresolane5531
@alexandresolane5531 4 жыл бұрын
@@OverSeasMedia thank you so much it works now i will continue your tutorial
@johngord752
@johngord752 5 жыл бұрын
Thanks for the video. This sort of info is hard to find for some reason. You would think that something as common as API authentication or even just authentication in general would be better documented. The API-Platform documentation on this has their own way of doing it, insisting on using docker for everything, and leaving out important parts.
@alamarnissi529
@alamarnissi529 5 жыл бұрын
Thanks bro for this awesome tuto
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
When that sort of thing happens . The first thing you need to do is make sure that in your security.yaml file the global pattern is the last thing in the list . If you have API/login and API/ , then make sure the login thing is before the API/, just as a first step .
@alamarnissi529
@alamarnissi529 5 жыл бұрын
@@OverSeasMedia Yes i'm doing it right but still have the problem :(
@tatyvakulenko
@tatyvakulenko 5 жыл бұрын
I have this error: Not configuring explicitly the provider for the "json_login" listener on "login" firewall is ambiguous as there is more than one registered provider.
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Can you please post your security files contents ? And how are you trying to access the login link ?
@tatyvakulenko
@tatyvakulenko 5 жыл бұрын
@@OverSeasMedia security: encoders: App\Entity\User: algorithm: 'auto' providers: in_memory: { memory: ~ } users: entity: class: App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/api/login stateless: true anonymous: true json_login: check_path: /api/login_check success_handler: lexik_jwt_authentication.handler.authentication_success failure_handler: lexik_jwt_authentication.handler.authentication_failure api: pattern: ^/api stateless: true guard: authenticators: - lexik_jwt_authentication.jwt_token_authenticator main: anonymous: true logout: path: /logout target: / invalidate_session: true access_control: - { path: ^/api/login, roles: IS_FULLY_ANONYMOUSLY } - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
The configuration seems ok, can you please tel me how are you trying accessing this url? how are you testing it?
@tatyvakulenko
@tatyvakulenko 5 жыл бұрын
@@OverSeasMedia it works with this security.yml security: encoders: App\Entity\User: algorithm: 'auto' # symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: in_memory: memory: users: user: password: 'user-test' roles: 'ROLE_USER' admin: password: 'admin-test' roles: 'ROLE_ADMIN' my_own_provider: entity: class: App\Entity\User property: username # if you're using multiple entity managers # manager_name: customer # BEFORE # in_memory: { memory: ~ } # users: # entity: # class: App\Entity\User # property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/api/login stateless: true anonymous: true provider: my_own_provider json_login: check_path: /api/login_check success_handler: lexik_jwt_authentication.handler.authentication_success failure_handler: lexik_jwt_authentication.handler.authentication_failure require_previous_session: false api: pattern: ^/api stateless: true provider: my_own_provider guard: authenticators: - lexik_jwt_authentication.jwt_token_authenticator main: anonymous: true logout: path: /logout target: / invalidate_session: true # provider: # entity: # class: App\Entity\User # property: email, username # activate different ways to authenticate # symfony.com/doc/current/security.html#firewalls-authentication # symfony.com/doc/current/security/impersonating_user.html # switch_user: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/api/login, roles: IS_FULLY_ANONYMOUSLY } - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
@tatyvakulenko
@tatyvakulenko 5 жыл бұрын
we can discuss it via skype(nick - evaeva927)
@fobtasz4693
@fobtasz4693 5 жыл бұрын
This is brilliant! Great work! Thank you
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Thank you mate, I appreciate the nice comment :) Cheers :)
@pranansubba9587
@pranansubba9587 3 жыл бұрын
Thank you brother with this video and I think revisiting this video since Symfony 4. Currently in Symofny5.3 I'm implementing JWT but while generating key it stuck. In Symfony 4 it worked ,but in S5.3 at some dotted line it stuck forever idk, but i guess.
@abirgarma606
@abirgarma606 4 жыл бұрын
Hey I´m still getting "code":401,"message":"Authentication request could not be processed due to a system problem.", anyone else in the same? help me
@MegaJuandelgado
@MegaJuandelgado 4 жыл бұрын
providers: # used to reload user from session & other features (e.g. switch_user) app_user_provider: entity: class: App\Entity\User property: email
@abirgarma606
@abirgarma606 4 жыл бұрын
@@MegaJuandelgado I have already done this still not working
@amastou4634
@amastou4634 4 жыл бұрын
You can get more info about your error in the log file . Go on your var folder at the root of your project and inside enter in log and open dev.log, If you don't have it use before : composer require symfony/monolog-bundle I found my error by using that
@abirgarma606
@abirgarma606 4 жыл бұрын
​@@amastou4634 Now a have a token ,but i have this [2020-04-07 15:19:33] security.INFO: Populated the TokenStorage with an anonymous Token. [] [] [2020-04-07 15:19:33] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\AccessListener.php:91)"} [] [2020-04-07 15:19:33] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\HttpException: "Full authentication is required to access this resource." at C:\laragon\www\projet\vendor\symfony\security-http\Firewall\ExceptionListener.php line 194 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\HttpException(code: 0): Full authentication is required to access this resource. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\ExceptionListener.php:194, Symfony\\Component\\Security\\Core\\Exception\\InsufficientAuthenticationException(code: 0): Full authentication is required to access this resource. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\ExceptionListener.php:146, Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\AccessListener.php:91)"} []
@raphaelcolboc2505
@raphaelcolboc2505 4 жыл бұрын
Very complete tutorial ! Thanks you so much, works like a charm !
@1050king
@1050king 5 жыл бұрын
I follow your tutorial from the beginning and i'am working with Postman not the curl command but it always gives me bad credentials if you can help me or drop your project so i can download it and try it because it' s insane like i restarted your tutorial a very few time and still gives me bad credentials i really need your help man
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Did you try what the pinned comments says? it says that you need to use the raw format instead of "form-data", if that doesn't help, the github project in the description contains a working authentication system, you can clone it and try it out, if none of those two works, let me know so that we can investigate this further.
@1050king
@1050king 5 жыл бұрын
@@OverSeasMedia actually there isn't a link in the video description
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
its this one, github.com/konshensx16/symfony-todo-backend
@1050king
@1050king 5 жыл бұрын
@@OverSeasMedia i found it the problem was the password i entered i used bcrypt with the $2y$13 but when i changed to $2y$10 it worked fine but still didn't know why or how can i figure the rounds for the hash
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
@@1050king Did you use the command php bin/console security:encode-password to hash the password ? or some other website?
@arbitruVAR
@arbitruVAR 4 жыл бұрын
Thank's for this tutorial! Great work!
@user17940
@user17940 5 жыл бұрын
J'ai un problème de Bad credentials. Après avoir compris au bout de 2 heures qu'il fallait lire les commentaires et encoder le password en BDD (argon n'est d’ailleurs pas supporté) Sa ne marche toujours pas, peut-tu m'aider ?
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Can you telle how did you encode the password ? Did you the security:password-encode command or just manually ?
@user17940
@user17940 5 жыл бұрын
@@OverSeasMedia i use security:encode-password. I'm using postman, my JSON is {"username":"test","password":"test"} sent in raw JSON, returning 401Bad credential
@user17940
@user17940 5 жыл бұрын
i'm creating directly my user in BDD using phpmyadmin.
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Hello again Evan, Can you please give me you email or send me an email , i need your help to make a troubleshooting guide for this specific problem since i get asked this question a lot, I would appreciate if you could provide some more info on your environment and the code you have :)
@LionelKimbs
@LionelKimbs 4 жыл бұрын
si tu écris directement test données en BDD, utilise "plaintext" comme encoder.
@LibertadIndependientePrivada
@LibertadIndependientePrivada 4 жыл бұрын
Muchas gracias, salvaste mi trabajo.
@amastou4634
@amastou4634 4 жыл бұрын
for those who are using Postman , this link could be helpfull to know how to enter your token in order to access the api/lists path : learning.postman.com/docs/postman/sending-api-requests/authorization/#bearer-token
@matheusvieira1873
@matheusvieira1873 5 жыл бұрын
I´m still getting "Bad Credentials", anyone else in the same?
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Can you please post your log file ? It might contain helpful information
@matheusvieira1873
@matheusvieira1873 5 жыл бұрын
@@OverSeasMedia I´m already found the problem, thank you for answering my question. Your videos are helping to create my new project, thanks!
@1050king
@1050king 5 жыл бұрын
@@matheusvieira1873 can you share with us the solution maybe it can help me or others because i'am having the same problem
@matheusvieira1873
@matheusvieira1873 5 жыл бұрын
@@1050king I was using PostgreSQL and I forgot to define de schema of the user entity.
@matheusvieira1873
@matheusvieira1873 5 жыл бұрын
@Guilherme Rodrigo Teche I can't find your comment.
@yoandespert9936
@yoandespert9936 5 жыл бұрын
Thanks a lot for this help !
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
You're most welcome mate :)
@abdallahabdedaiem51
@abdallahabdedaiem51 4 жыл бұрын
Hey guys! this what I get when I try to post credentials. ======================================== An error occurred while trying to encode the JWT token. Please verify your configuration (private key\/passphrase) ========================================
@kesogonzaga2671
@kesogonzaga2671 2 жыл бұрын
thanks, that was helpful
@chahirjbali
@chahirjbali 5 жыл бұрын
you are a genius
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
Lol mate thanks :)
@Vijay-wg8oy
@Vijay-wg8oy 4 жыл бұрын
Thankyou so much!
@tianadede349
@tianadede349 3 жыл бұрын
thank you so much
@dragongun200
@dragongun200 5 жыл бұрын
Thank u
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
You're most welcome mate :)
@DrXtrememmi
@DrXtrememmi 5 жыл бұрын
thank you
@OverSeasMedia
@OverSeasMedia 5 жыл бұрын
You're welcome mate :)
@unomas9686
@unomas9686 4 жыл бұрын
ни Xyя не понял
@kramelCase
@kramelCase 3 жыл бұрын
Thank you :D
12 - Symfony 4 REST: Refresh Expired JWT
12:32
OverSeas Media
Рет қаралды 10 М.
Mom Hack for Cooking Solo with a Little One! 🍳👶
00:15
5-Minute Crafts HOUSE
Рет қаралды 23 МЛН
UFC 310 : Рахмонов VS Мачадо Гэрри
05:00
Setanta Sports UFC
Рет қаралды 1,2 МЛН
My scorpion was taken away from me 😢
00:55
TyphoonFast 5
Рет қаралды 2,7 МЛН
Top 12 Tips For API Security
9:47
ByteByteGo
Рет қаралды 132 М.
Implementing JWT Authentication in ASP.NET Core
23:51
Nick Chapsas
Рет қаралды 46 М.
FastAPI Authentication with  JWT (JSON Web Tokens)
56:18
Bek Brace
Рет қаралды 101 М.
Symfony 4 | Creating a Microservice (Part 1)
25:41
Qbrain
Рет қаралды 21 М.
JWT Route Protection | Creating a REST API with Node.js
16:27
Academind
Рет қаралды 142 М.