Php Symfony安全组件-找不到密钥\“;用户名\";在令牌有效负载中
使用下面列出的配置,我遇到了一些奇怪的问题,我无法单独解决,因为我对Symfony太陌生了Php Symfony安全组件-找不到密钥\“;用户名\";在令牌有效负载中,php,api,symfony,security,authentication,Php,Api,Symfony,Security,Authentication,使用下面列出的配置,我遇到了一些奇怪的问题,我无法单独解决,因为我对Symfony太陌生了 security: encoders: App\Api\User\Entity\User: algorithm: bcrypt cost: 12 # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
security:
encoders:
App\Api\User\Entity\User:
algorithm: bcrypt
cost: 12
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
users:
id: 'App\Api\Auth\Provider\AuthProvider'
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# Api will be stateless, a token will be generated
api_login:
pattern: /api/login
stateless: true
context: api
anonymous: true
provider: users
form_login:
check_path: /api/login
username_parameter: email
password_parameter: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
require_previous_session: false
# For web calls no need to be stateless
web_login:
pattern: /login
stateless: false
context: web
anonymous: true
provider: users
guard:
entry_point: 'App\User\Auth\Guard\LoginAuthenticator'
authenticators:
- 'App\Api\Auth\Guard\LoginAuthenticator'
form_login:
login_path: /login
check_path: /login
api:
provider: users
context: api
pattern: ^/api
stateless: true
anonymous: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
web:
provider: users
context: web
pattern: ^(/user|/template)
stateless: false
anonymous: true
guard:
authenticators:
- 'App\Api\Auth\Guard\LoginAuthenticator'
main:
pattern: ^/
anonymous: ~
logout:
path: /logout
target: /login
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/api, roles: ROLE_USER }
- { path: ^/user/*, roles: ROLE_USER }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
我已经:
- 具有安全区域和状态模式的后台办公室
- 具有无状态模式(JWT令牌)的安全区域的API
- 我可以连接我的HTML表单并查看我的角色和数据(电子邮件)
- 当我连接(HTML)时,我会立即在/user/profile上重定向 端点并查看我的信息
- 我可以调用API登录端点并获取JWT令牌
- 通过API调用,我得到了一个没有用户名(null)的令牌
- 如果您尝试从api访问安全区域,我将列出一个错误 下面
{
"code": 401,
"message": "Unable to find key \"username\" in the token payload."
}
知道吗?我的身份字段是电子邮件,而不是用户名 在jwt配置文件中,我只需输入以下内容:
lexik_jwt_authentication:
private_key_path: '%kernel.project_dir%/%env(JWT_PRIVATE_KEY_PATH)%'
public_key_path: '%kernel.project_dir%/%env(JWT_PUBLIC_KEY_PATH)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
user_identity_field: email #this line
lexik_jwt_authentication:
private_key_path: '%kernel.project_dir%/%env(JWT_PRIVATE_KEY_PATH)%'
public_key_path: '%kernel.project_dir%/%env(JWT_PUBLIC_KEY_PATH)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
user_identity_field: email #this line