LexikJWTAuthenticationBundle
Invalid JWT Token
Hi,

I'm facing a problem with your bundle.

I have two providers, customer and provider, and use two different endpoints to log in. I have two firewalls, one for customer and the other for provider.

The problem I have is that I can't use the JWT token. I get an Invalid JWT Token error.

I think the problem comes with Symfony 3.3, not sure.

Here is my security.yml:
```yaml
security:
    encoders:
        AppBundle\Entity\Customer:
            algorithm: bcrypt
        AppBundle\Entity\Provider:
            algorithm: bcrypt

    providers:
        customer_provider:
            entity:
                class: AppBundle:Customer
                property: email
        provider_provider:
            entity:
                class: AppBundle:Provider
                property: email

    role_hierarchy:
        ROLE_CUSTOMER: ROLE_USER
        ROLE_PROVIDER: ROLE_USER

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Customer
        api_customer_login:
            pattern: ^/customers/login
            stateless: true
            anonymous: true
            provider: customer_provider
            form_login:
                check_path: /customers/login
                require_previous_session: false
                username_parameter: email
                password_parameter: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        # Provider
        api_provider_login:
            pattern: ^/providers/login
            stateless: true
            anonymous: true
            provider: provider_provider
            form_login:
                check_path: /providers/login
                require_previous_session: false
                username_parameter: email
                password_parameter: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        api_provider:
            pattern: ^/providers
            stateless: true
            lexik_jwt: ~
            provider: provider_provider

        api_customer:
            pattern: ^/customers
            stateless: true
            lexik_jwt: ~
            provider: customer_provider

    access_control:
        - { path: login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customers, role: ROLE_CUSTOMER }
        - { path: ^/providers, role: ROLE_PROVIDER }
```
I can obtain a token for these two providers without problem, but when I'm using it:

```json
{
    "code": 401,
    "message": "Invalid JWT Token"
}
```

The Authorization header is set like this: Bearer <token>

Thank you.
Ok, I found the problem. parameters.yml had a bad path to the public key:

```yaml
jwt_private_key_path: '%kernel.root_dir%/../var/jwt/private.pem'
jwt_public_key_path: '%%kernel.root_dir%/../var/jwt/public.pem'
```
The response should have been clear about that then. Reopening, will try to reproduce on my side.
In my case, the username property in my User entity was emptied in the eraseCredentials method. This resulted in an Invalid JWT Token message as well, because of failing the isset check in JWTProvider.getUserFromPayload. I guess that in this case the token is valid, but the user entity is invalid, which might require another error message.
I ran into the same problem: got this message in place of a completely unrelated issue. The thing is that any exception is caught here: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Encoder/LcobucciJWTEncoder.php#L54

Why not remove this try/catch and let the error bubble up to the front controller? In my case the server should have answered 500, not 401.
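The separation the last two comments ask for, as an added example that is not part of this thread or of the bundle's code: a minimal decoder that raises a configuration error (to be answered with 500 and logged) when the configured key path does not resolve, and a token error (401) only for signature or claim problems such as the emptied username. It uses an HMAC-signed token as a stand-in for the bundle's RSA key pair; the exception names, the `username` claim check and the throwaway key are assumptions.

```python
import base64, hashlib, hmac, json, os, tempfile

class JwtConfigError(Exception): pass   # operator mistake (e.g. bad key path): 500 + server log
class InvalidJwtToken(Exception): pass  # bad token or claims: the only case that merits a 401

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_token(payload: dict, key: bytes) -> str:
    head, body = _b64url(b'{"alg":"HS256","typ":"JWT"}'), _b64url(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def decode_token(token: str, key_path: str, user_claim: str = "username") -> dict:
    # Configuration mistakes surface first, as their own error type, before the token is parsed.
    if not os.path.isfile(key_path):
        raise JwtConfigError(f"key file not found: {key_path!r}")
    with open(key_path, "rb") as fh:
        key = fh.read()
    try:
        head, body, sig = token.split(".")
    except ValueError:
        raise InvalidJwtToken("token must have three dot-separated parts") from None
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise InvalidJwtToken("signature mismatch")
    payload = json.loads(_unb64url(body))
    if not payload.get(user_claim):  # valid signature, but no usable user identity in the payload
        raise InvalidJwtToken(f"payload has no usable {user_claim!r} claim")
    return payload

def demo() -> dict:
    # Constructed scenario: a throwaway HMAC key file, one good request and two failing ones.
    key, results = b"demo-secret-key", {}
    with tempfile.TemporaryDirectory() as tmp:
        key_path = os.path.join(tmp, "public.pem")
        with open(key_path, "wb") as fh:
            fh.write(key)
        good = encode_token({"username": "alice@example.com"}, key)
        results["good"] = decode_token(good, key_path)["username"]
        for name, tok, path in [("bad_key_path", good, key_path + ".missing"),
                                ("empty_username", encode_token({"username": ""}, key), key_path)]:
            try:
                decode_token(tok, path)
            except (JwtConfigError, InvalidJwtToken) as exc:
                results[name] = 500 if isinstance(exc, JwtConfigError) else 401
    return results
```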