2

我正在使用 JWT 进行身份验证的 symfony 中的 API。对于 JWT,我使用 LexikJWTAuthenticationBundle,对于令牌刷新,我使用 JWTRefreshTokenBundle。我想要做的是通过令牌对用户进行身份验证并给它刷新令牌。在安全方面,我有:

firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:    ^/api/login_check
            stateless:  true
            anonymous:  true
            form_login:
                check_path:               fos_user_security_check
                username_parameter:       username
                password_parameter:       password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        register:
            pattern:    ^/api/register
            anonymous:  true
            stateless:  true
        refresh:
            pattern:    ^/api/token/refresh
            stateless:  true
            anonymous:  true
        api:
            pattern:    ^/api
            provider:   fos_userbundle
            stateless:  true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

在我的注册操作中,我有:

    /**
     * @Route("/api/register")
     * @Method({"POST"})
     */
    public function registerAction(Request $request)
    {
        $userManager = $this->get('fos_user.user_manager');
        $data = $request->request->all();

        $mailValidator = $this->get('validator.email');
        $mailValidator->validate($data['email']);

        $user = $userManager->createUser();
        $user->setUsername($data['username']);
        $user->setPlainPassword($data['password']);
        $user->setEmail($data['email']);
        $user->setEnabled(true);

        $userManager->updateUser($user);

        return $this->generateToken($user, 201);
    }

    protected function generateToken(User $user, $statusCode = 200)
    {
        $token = $this->get('lexik_jwt_authentication.jwt_manager')->create($user);
        $response = array(
            'token' => $token,
            'refreshToken' => null,
            'username'  => $user->getUsername(),
            'mail'      => $user->getEmail(),
        );

        return new JsonResponse($response, $statusCode);
    }

在生成操作方法中,我可以从用户实体创建令牌,但我也无法创建刷新令牌。对于提供商,我使用 FOSUserBundle,它是 login_check 控制器。我尝试从 generateToken 方法向该控制器发送发布请求,但没有成功。任何帮助,将不胜感激。

4

1 回答 1

-1

I don't know if you solved it but the refresh token will be generated after successful login. So you do not need to generate a refresh token when registration. This is my code :

Security.yml:

security:
encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

firewalls:
    login:
        pattern:    ^/login_check
        stateless:  true
        anonymous:  true
        form_login:
            check_path:               fos_user_security_check
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure
            require_previous_session: false
    register:
        pattern:    ^/register
        anonymous:  true
        stateless:  true
    refresh:
        pattern:    ^/token/refresh
        stateless:  true
        anonymous:  true
    api:
        pattern:    ^/
        provider:   fos_userbundle
        stateless:  true
        guard:
                authenticators:
                    - 'token_authenticator'

access_control:
    - { path: ^/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Service.yml:

services:
token_authenticator:
    class: UserBundle\Security\TokenAuthenticator
    arguments: ['@lexik_jwt_authentication.encoder', '@doctrine.orm.entity_manager']

config.yml:

lexik_jwt_authentication:
    private_key_path: '%jwt_private_key_path%'
    public_key_path:  '%jwt_public_key_path%'
    pass_phrase:      '%jwt_key_pass_phrase%'
    token_ttl:        '%jwt_token_ttl%'

gesdinet_jwt_refresh_token:
    user_provider: fos_user.user_provider.username_email
    ttl: 2592000
    ttl_update: true
    firewall: api

Run in terminal:

curl -X POST http://demowebsite.com/login_check -d username=USERNAME -d password=PASSWORD

This wil generate a token and refresh token. The refresh token will be stored in your DB table refresh_token

于 2017-03-02T11:58:17.657 回答