Symfony LexikJWTAuthenticationBundle Unable to authenticate


I'm encountering an issue with the JWT Auth bundle on Symfony 3. I've followed the instructions from their GitHub README but just can't seem to figure out where I've gone wrong or what is going wrong.

I am using Symfony 3.1.1, with LexikJWTAuthenticationBundle 2.0 and FriendsOfSymfony's FOSUserBundle.

The problem: whenever I try to log in as instructed in their example (with the user and password substituted):

curl -X POST http://192.168.33.30/api/login_check -d _username=johndoe -d _password=test

I get:

{"code":401,"message":"Bad credentials"}

If I generate the token manually via:

    // Fetch the bundle's token manager and the FOSUserBundle user manager from the container
    $jwtManager  = $this->container->get('lexik_jwt_authentication.jwt_manager');
    $userManager = $this->container->get('fos_user.user_manager');
    // Look the user up by e-mail and issue a JWT for it
    $user = $userManager->findUserByEmail('emailhere');
    dump($jwtManager->create($user));

I am given quite a lengthy token. I then use that in Postman as a header with the key "Authorization" and the value "Bearer " followed by the token.

I then try to call an endpoint under the firewalled URL and the failure_handler is triggered. It manages to extract the data from the token, i.e. the email I encoded in the token and so on. But I always get the failure.

My other data is:

security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                # csrf_token_generator: security.csrf.token_manager

            logout:       true
            anonymous:    true

config.yml

lexik_jwt_authentication:
    # scalars starting with % are quoted: the unquoted form is deprecated in the Symfony 3.1 YAML parser
    private_key_path: '%jwt_private_key_path%'
    public_key_path:  '%jwt_public_key_path%'
    pass_phrase:      '%jwt_key_pass_phrase%'
    token_ttl:        '%jwt_token_ttl%'
    # key under which the user identity will be stored in the token payload
    user_identity_field: email

    # token encoding/decoding settings
    encoder:
        # token encoder/decoder service - default implementation based on the namshi/jose library
        service:            lexik_jwt_authentication.encoder.default
        # crypto engine used by the encoder service
        crypto_engine:  openssl
        # signature algorithm used by the encoder service (RS256 = RSA with SHA-256; the token is signed, not encrypted)
        signature_algorithm: RS256

    # token extraction settings
    token_extractors:
        authorization_header:      # look for a token as Authorization Header
            enabled: true
            prefix:  Bearer
            name:    Authorization
        cookie:                    # check token in a cookie
            enabled: false
            name:    BEARER
        query_parameter:           # check token in query string parameter
            enabled: false
            name:    bearer

routing.yml

api_login_check:
    path: /api/login_check

If anyone has any suggestions, please let me know. I'm stumped over this.

There is 1 answer

Bokers (accepted answer)

You need to remove the in-memory user provider:

providers:
    fos_userbundle:
        id: fos_user.user_provider.username
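Why removing the provider helps, as an added example that is not part of the question or of Bokers' answer: in Symfony 3.1 a firewall that does not name a `provider:` falls back to the first provider declared under `providers`. In the question's config that is `in_memory`, which with `memory: ~` holds no users, so the `login` firewall checks `johndoe` against an empty list and form_login answers "Bad credentials", and the `api` firewall's JWT authenticator decodes the token fine but then cannot load the user from the same empty provider, which is exactly the "data extracted, still a failure" symptom. The security.yml below is my reworking of the question's file: a single provider, named explicitly on every firewall so a lookup can never silently bind to the wrong one, plus two additions that are assumptions on my part rather than anything the page states: `fos_user.user_provider.username_email` (because config.yml puts the e-mail in the token via `user_identity_field: email`, and a username-only provider cannot resolve it when username and e-mail differ) and `access_control` rules so that every `/api` route except the login check requires a fully authenticated user.

```yaml
# app/config/security.yml  (added example reworked from the question's config;
# not the original poster's file and not shipped by either bundle)
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        # One provider only. The question's in_memory provider is gone: it held
        # no users ("memory: ~"), yet being declared first it was what the login
        # and api firewalls defaulted to.
        fos_userbundle:
            # Assumption: username_email loads by either field, so the e-mail the
            # token carries (user_identity_field: email in config.yml) resolves
            # even when username and e-mail differ.
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:   ^/api/login
            stateless: true
            anonymous: true
            provider:  fos_userbundle      # explicit, not "first declared"
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            provider:  fos_userbundle      # the JWT authenticator loads users through this
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        main:
            pattern:   ^/
            provider:  fos_userbundle
            form_login:
                # Session-based browser login: enable CSRF protection on the form
                # (the stateless API firewalls above do not need it).
                csrf_token_generator: security.csrf.token_manager
            logout:    true
            anonymous: true

    # Assumption: require a valid token for every /api route except the login
    # check, instead of relying on each controller to check for a user.
    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
```

With this in place the curl command from the question should return a JSON body with a `token` field instead of the 401, and replaying that token in an `Authorization: Bearer` header against a route under `/api` should reach the controller. If the login now succeeds but the token still fails on the `api` firewall, compare the identity the token carries with the field the provider looks up: the two must agree.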