Hey! Thanks for that wonderful tutorial :D! If anyone has trouble using Postman to test api/login_check, use the "raw" format instead of "form-data"; it worked for me!
This video you created was super useful. I've been trying to lock down an API in Symfony for weeks now. Your vid allowed me to actually complete the task and hopefully please the boss. Thanks, keep making them.
Aye mate, you're really welcome. If you ever get stuck and need help directly, please let me know. I know what it's like to be stuck and frustrated by a deadline and I'm willing to help when possible :)) Cheers :))
Thank you!!! After getting the token it's just like dealing with a user who is logged in. You can check and restrict roles as normal. Was looking for an easy to use API for Symfony 5 and this works great!
Just to clarify: OAuth2 and JWT are not exclusive; the first one is an authorization standard and the second one is a token standard. You would usually use both together.
Thank you brother for this video; I think I've been revisiting this video since Symfony 4. Currently in Symfony 5.3 I'm implementing JWT, but while generating the key it gets stuck. In Symfony 4 it worked, but in S5.3 at some dotted line it gets stuck forever, idk, but I guess.
Hello and thanks ... I have a question: how can I customize the user query, for example to check whether the user is active? Where can you customize that query?
You're most welcome. The password can be generated using a command: just type php bin/console security:encode-password and enter your plain text password and it will give you back the hashed password, and just enter it in the database manually :)
I got the error Unable to find the controller for path "/api/login_check" because I tried to post using Postman with content type x-www-form-urlencoded. In Postman, when you select the Body type as RAW, it gives you a selection to set the data type as JSON, then you enter your data as JSON. Doing this will fix the controller error.
Yes, that is indeed the case. You need to make sure the content type is of type json, otherwise the authentication bundle won't know how to deal with your request. Cheers and thank you for sharing this with us :)
When I try to register the token with $ curl -X POST -H "Content-Type: application/json" localhost:8000/api/login_check -d '{"username":"username","password":"password"}' I always get {"code":401,"message":"Bad credentials"} (I placed the information of the registered user in the database; for username -- the email, and for password -- the password); any ideas?
Hey again, I know this might sound stupid, but make sure that your MySQL server or whatever you're using is up and working (Check yourself for that), also make sure that the information that you have in the database is correct, specifically the password, if you have a registration page then that would be fine, if not then you can manually encode the password by using the following command "security:encode-password". If none of the above actually helped let me know, Good luck :)
@OverSeasMedia Thank you for the reply. This might be interesting for others, too. I configured everything right (used XAMPP & phpMyAdmin) etc. I was able to set up the user via curl but always got errors when I wanted to generate the token, or an empty array; also Postman only returned an empty array instead of the token. In the end, I was able to read the token in the header on Postman. Thanks for the help tho -- your videos are awesome!
Thanks for the video. This sort of info is hard to find for some reason. You would think that something as common as API authentication or even just authentication in general would be better documented. The API-Platform documentation on this has their own way of doing it, insisting on using docker for everything, and leaving out important parts.
Hi, I know this video was made a year ago. I have a question: is it possible to customize the response... I would like to have something in the response like this: {"token": "blablabla", "user":"myUserName", "role":"myRole"}
Sorry, just got a notification about this. I can't remember exactly whether you can pass the extra data the way you did, or you'd need to add any additional data into the payload (the token) itself and then read the data from the token. It's one of those things I just can't remember exactly, sorry. xD
Hi, I've got a certainly stupid question. Is the check_path that is used (that is "/login/api_check") a random one or is it required by the Lexik bundle? Is there a /login/api_check route assigned to some controller somewhere in the project that handles the check?
Once again top video, but I have a problem: when I send a curl request I receive: syntax error, unexpected identifier "Encoder", expecting variable (500 Internal Server Error) --> Can anyone help me?
For those who are using Postman, this link could be helpful to know how to enter your token in order to access the api/lists path: learning.postman.com/docs/postman/sending-api-requests/authorization/#bearer-token
Hello! I'm French. You explain the different steps very well, but I have an issue: when I try to curl POST, I get a 404 error. I'm on Ubuntu with a website project split into 2 folders, API & Website. Do you know which path I have to input in the curl command, please?
The command does not need to be executed in any folder, it's a good command in Ubuntu. If you have it installed and in the environment path then you can run it from anywhere.
Hello ! Good Job, Nice Tuto. Which command should I use in cmd windows to generate an Argon2i Key? It was written in comments yesterday but it does not appear in the comments any more
I have this error: Not configuring explicitly the provider for the "json_login" listener on "login" firewall is ambiguous as there is more than one registered provider.
You can get more info about your error in the log file. Go to the var folder at the root of your project, go into log and open dev.log. If you don't have it, first use: composer require symfony/monolog-bundle. I found my error by using that.
@amastou4634 Now I have a token, but I have this: [2020-04-07 15:19:33] security.INFO: Populated the TokenStorage with an anonymous Token. [] [] [2020-04-07 15:19:33] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\AccessListener.php:91)"} [] [2020-04-07 15:19:33] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\HttpException: "Full authentication is required to access this resource." at C:\laragon\www\projet\vendor\symfony\security-http\Firewall\ExceptionListener.php line 194 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\HttpException(code: 0): Full authentication is required to access this resource. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\ExceptionListener.php:194, Symfony\\Component\\Security\\Core\\Exception\\InsufficientAuthenticationException(code: 0): Full authentication is required to access this resource. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\ExceptionListener.php:146, Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at C:\\laragon\\www\\projet\\vendor\\symfony\\security-http\\Firewall\\AccessListener.php:91)"} []
When that sort of thing happens, the first thing you need to do is make sure that in your security.yaml file the global pattern is the last thing in the list. If you have API/login and API/, then make sure the login thing is before the API/, just as a first step.
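The firewall ordering described in the comment above, as an added example (not taken from the video or its GitHub project): a security.yaml in the form LexikJWTAuthenticationBundle documents for Symfony 5.3+ authenticator-based security. The provider name app_user_provider is an assumption.

```yaml
# config/packages/security.yaml (added example; Symfony 5.3+ authenticator syntax)
security:
    enable_authenticator_manager: true   # Symfony 5.3/5.4; the default from 6.0
    firewalls:
        # Symfony uses the FIRST firewall whose pattern matches the request,
        # so the narrower login pattern must come before the broader ^/api.
        login:
            pattern: ^/api/login
            stateless: true
            # Assumed provider name; set it explicitly when more than one
            # user provider is registered.
            provider: app_user_provider
            json_login:
                # The route must exist in routes.yaml, but the firewall
                # answers it, not a controller. json_login only reacts to
                # requests sent with a JSON content type.
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        # Broad pattern last: every other /api request must carry a valid JWT.
        api:
            pattern: ^/api
            stateless: true
            jwt: ~
    access_control:
        # Same first-match rule: the specific path goes before the general one.
        - { path: ^/api/login, roles: PUBLIC_ACCESS }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
```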
Hey guys! This is what I get when I try to post credentials. ======================================== An error occurred while trying to encode the JWT token. Please verify your configuration (private key\/passphrase) ========================================
I have a Bad credentials problem. After understanding, 2 hours in, that you had to read the comments and encode the password in the DB (argon is not supported, by the way), it still doesn't work. Can you help me?
@OverSeasMedia I use security:encode-password. I'm using Postman, my JSON is {"username":"test","password":"test"} sent in raw JSON, returning 401 Bad credential
Hello again Evan, can you please give me your email or send me an email? I need your help to make a troubleshooting guide for this specific problem since I get asked this question a lot. I would appreciate it if you could provide some more info on your environment and the code you have :)
I followed your tutorial from the beginning and I'm working with Postman, not the curl command, but it always gives me bad credentials. If you can help me, or drop your project so I can download it and try it, because it's insane, like I restarted your tutorial a few times and it still gives me bad credentials. I really need your help man
Did you try what the pinned comment says? It says that you need to use the raw format instead of "form-data". If that doesn't help, the GitHub project in the description contains a working authentication system; you can clone it and try it out. If neither of those two works, let me know so that we can investigate this further.
@OverSeasMedia I found it: the problem was the password I entered. I used bcrypt with the $2y$13, but when I changed to $2y$10 it worked fine, but I still didn't know why or how I can figure out the rounds for the hash