我正在尝试使用 JWT 保护我的 API。但问题是,我无法访问 Swagger UI,因为我收到 401:未找到 JWT 令牌。
packages/api_platform.yml
api_platform:
swagger:
api_keys:
JWT:
name: Authorization
type: header
packages/security.yml
security:
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
jwt: ~
access_control:
- { path: ^/api/login, roles: PUBLIC_ACCESS }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
when@test:
security:
password_hashers:
# By default, password hashers are resource intensive and take time. This is
# important to generate secure password hashes. In tests however, secure hashes
# are not important, waste resources and increase test times. The following
# reduces the work factor to the lowest possible values.
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
lexik_jwt_authentication.yml
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
api_platform:
check_path: /api/login_check
username_path: email
password_path: security.credentials.password
我还使用
lexik:jwt:generate-keypair
生成了 JWT。一旦我从终端创建 CURL 请求,我就会拿回令牌
curl -X POST -H "Content-Type: application/json" https://project-symfony.ddev.site/index.php/api/login_check -d '{"username":"[email protected]","password":"admin"}'
我正在尝试使用 Swagger UI 并在其中添加不记名令牌。但是当我访问 https://project-symfony.ddev.site/api 时,它显示“未找到 JWT”。有任何想法吗?我已经检查了 API Platform、Lexik Documentation、Symfony 的教程,但没有任何效果。我正在使用 Symfony 6.4.4,带有 security-bundle
由于这个社区实际上已经死亡,并且他们无缘无故对线程进行否决,我将发布答案,因为这可能会在将来帮助其他人。
我修改了 security.yml 中 API 的模式,在
pattern: ^/api/
完整的安全.yml
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api/ #Slash added
stateless: true
jwt: ~
access_control:
- { path: ^/api/login, roles: PUBLIC_ACCESS }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
when@test:
security:
password_hashers:
# By default, password hashers are resource intensive and take time. This is
# important to generate secure password hashes. In tests however, secure hashes
# are not important, waste resources and increase test times. The following
# reduces the work factor to the lowest possible values.
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
通过此更改,API 平台/Swagger UI 可以无缝工作,允许通过输入不记名令牌来处理授权。