无法使用令牌向 api 平台授权
Unable to auth to api platform with token
我使用 symfony api 平台设置了一个 api,当使用用户凭据(用户名和密码)登录时 api returns 我的令牌,但是当我想获取使用此令牌的用户列表,但出现以下错误:
{
"code": 401,
"message": "Invalid credentials."
}
下面是我的 security.yaml :
security:
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
json_login:
check_path: /api/login
username_path: username
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api/
stateless: true
provider: app_user_provider
jwt: ~
main:
lazy: true
provider: app_user_provider
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/api/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY}
# { path: ^/api/users, roles: IS_AUTHENTICATED_FULLY}
when@test:
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
有人知道为什么我无法使用有效令牌登录吗?
***更新***
我发送的内容:
curl -X 'GET' \
'https://127.0.0.1:8001/api/users?page=1' \
-H 'accept: application/ld+json' \
-H 'Authorization: Bearer HERE_IS_MY_TOKEN'
感谢您的帮助
您错误地将 app_user_provider 配置为 属性 email,但在您的防火墙中您使用了 username 字段。您必须像这样切换您的提供商 property :
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: username # and not email
我使用 symfony api 平台设置了一个 api,当使用用户凭据(用户名和密码)登录时 api returns 我的令牌,但是当我想获取使用此令牌的用户列表,但出现以下错误:
{
"code": 401,
"message": "Invalid credentials."
}
下面是我的 security.yaml :
security:
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
json_login:
check_path: /api/login
username_path: username
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api/
stateless: true
provider: app_user_provider
jwt: ~
main:
lazy: true
provider: app_user_provider
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/api/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY}
# { path: ^/api/users, roles: IS_AUTHENTICATED_FULLY}
when@test:
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
有人知道为什么我无法使用有效令牌登录吗?
***更新*** 我发送的内容:
curl -X 'GET' \
'https://127.0.0.1:8001/api/users?page=1' \
-H 'accept: application/ld+json' \
-H 'Authorization: Bearer HERE_IS_MY_TOKEN'
感谢您的帮助
您错误地将 app_user_provider 配置为 属性 email,但在您的防火墙中您使用了 username 字段。您必须像这样切换您的提供商 property :
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: username # and not email