Comments (11)
@uxen-kv Apache is stripping away the Authorization header because it's not in a standard format. Looks like it's a known issue:
- Reference #1: https://stackoverflow.com/a/17175260
- Reference #2: https://stackoverflow.com/a/19445020
- Reference #3: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md
- Reference #4: symfony/symfony#19693 (comment)
from oauth2-bundle.
You are not supposed to define a user provider on your own. Remove the following configuration block:
    providers:
        app_user_provider:
            entity:
                class: Trikoder\Bundle\OAuth2Bundle\Security\Authentication\Provider\OAuth2Provider
If you have users in your application and want to handle requests on their behalf, consult the documentation on how to implement password grant type handling:
https://github.com/trikoder/oauth2-bundle/blob/master/docs/password-grant-handling.md
from oauth2-bundle.
Ok I removed this block of code, now my security.yaml only contains the firewalls section.
But the error is still there, even after I cleared the cache.
For my API routes I take the "access_token" field returned by the /token route, and then I pass it like this in my headers: "Authorization: Bearer my_token".
Is this the correct way?
My project is an API that will provide resources to other "apps" so I am using the client_credentials authentication.
Edit: I am using fos rest bundle for the API
If that may help:
[
"exception" => AuthenticationCredentialsNotFoundException {
-token: null
#message: "A Token was not found in the TokenStorage."
#code: 0
#file: "vendor/symfony/security-http/Firewall/AccessListener.php"
#line: 51
trace: {}
}
]
from oauth2-bundle.
@uxen-kv Could you please provide the entire stack trace of the exception?
from oauth2-bundle.
Sure:
[▼
"exception" => AuthenticationCredentialsNotFoundException {#171 ▼
-token: null
#message: "A Token was not found in the TokenStorage."
#code: 0
#file: "vendor/symfony/security-http/Firewall/AccessListener.php"
#line: 51
trace: {▼
vendor/symfony/security-http/Firewall/AccessListener.php:51 {▼
› if (null === $token = $this->tokenStorage->getToken()) {
› throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
› }
}
vendor/symfony/security-bundle/Debug/WrappedListener.php:46 {▼
› $startTime = microtime(true);
› $this->listener->handle($event);
› $this->time = microtime(true) - $startTime;
arguments: {▼
$event: GetResponseEvent {#64 …}
}
}
vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php:35 {▼
› $wrappedListener = new WrappedListener($listener);
› $wrappedListener->handle($event);
› $this->wrappedListeners[] = $wrappedListener->getInfo();
arguments: {▼
$event: GetResponseEvent {#64 …}
}
}
vendor/symfony/security-http/Firewall.php:90 {▼
›
› $this->handleRequest($event, $authenticationListeners());
› }
arguments: {▼
$event: GetResponseEvent {#64 …}
$listeners: Generator {#185 …}
}
}
vendor/symfony/security-bundle/EventListener/FirewallListener.php:48 {▼
›
› parent::onKernelRequest($event);
› }
arguments: {▼
$event: GetResponseEvent {#64 …}
}
}
vendor/symfony/event-dispatcher/Debug/WrappedListener.php:111 {▼
›
› ($this->listener)($event, $eventName, $this->dispatcher ?: $dispatcher);
›
arguments: {▼
$event: GetResponseEvent {#64 …}
...: {▼
"kernel.request"
TraceableEventDispatcher {#118 …}
}
}
}
vendor/symfony/event-dispatcher/EventDispatcher.php:212 {▼
› }
› $listener($event, $eventName, $this);
› }
arguments: {▼
$event: GetResponseEvent {#64 …}
$eventName: "kernel.request"
$dispatcher: EventDispatcher {#117 …}
}
}
vendor/symfony/event-dispatcher/EventDispatcher.php:44 {▼
› if ($listeners = $this->getListeners($eventName)) {
› $this->doDispatch($listeners, $eventName, $event);
› }
arguments: {▼
$listeners: [ …9]
$eventName: "kernel.request"
$event: GetResponseEvent {#64 …}
}
}
vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:145 {▼
› try {
› $this->dispatcher->dispatch($eventName, $event);
› } finally {
arguments: {▼
$eventName: "kernel.request"
$event: GetResponseEvent {#64 …}
}
}
vendor/symfony/http-kernel/HttpKernel.php:126 {▼
› $event = new GetResponseEvent($this, $request, $type);
› $this->dispatcher->dispatch(KernelEvents::REQUEST, $event);
›
arguments: {▼
$eventName: "kernel.request"
$event: GetResponseEvent {#64 …}
}
}
vendor/symfony/http-kernel/HttpKernel.php:67 {▼
› try {
› return $this->handleRaw($request, $type);
› } catch (\Exception $e) {
arguments: {▼
$request: Request {#8 …}
$type: 1
}
}
vendor/symfony/http-kernel/Kernel.php:198 {▼
› try {
› return $this->getHttpKernel()->handle($request, $type, $catch);
› } finally {
arguments: {▼
$request: Request {#8 …}
$type: 1
$catch: true
}
}
public/index.php:37 {▼
› $request = Request::createFromGlobals();
› $response = $kernel->handle($request);
› $response->send();
arguments: {▼
$request: Request {#8 …}
}
}
}
}
]
Am I missing something in the configuration?
from oauth2-bundle.
@uxen-kv Can you show me what your HTTP request looks like to the protected API endpoint? I was only able to reproduce your error if I completely omitted the Authorization header from the request.
from oauth2-bundle.
Edit:
A curl request:
curl -X GET \
http://example.com/public/index.php/api/v1.0/devices \
-H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjZkMzBmMGZkZWFhMjhmNTNkNzFjNmVmYTNlZGMyNmE2YzQxODY5ZGQwZTI0MTUyYmUyZDkwMWM4YWFiZTI5NjVlNzM4NThmNzg3MjQ5NWI2In0.eyJhdWQiOiJ0ZXN0IiwianRpIjoiNmQzMGYwZmRlYWEyOGY1M2Q3MWM2ZWZhM2VkYzI2YTZjNDE4NjlkZDBlMjQxNTJiZTJkOTAxYzhhYWJlMjk2NWU3Mzg1OGY3ODcyNDk1YjYiLCJpYXQiOjE1NTA1MDM3MzEsIm5iZiI6MTU1MDUwMzczMSwiZXhwIjoxNTUwNTA3MzMxLCJzdWIiOiIiLCJzY29wZXMiOltdfQ.b3Fy7vKwPBJPkAmd15LBecfpLWOIBxcFExcwJ0yXR8sozi6NeFAqYkSGB0zvNR5KdmH0cRnqNSvKt7N4Bqwd-h0Nq5SJAEWngNEW-_o-8w6aQCrpyf7mNDyIuZ86a1YYqcv4fAKSIniHb8nZs7tnio7ZpNRYLmDKkJptEqw0FIrjd0dtNg96rGkdfDDE-WUXq084JdRHcN98TPxBx32WMpMYaQu8RHBBu-0aqS0I4mxA1biJuMn_NnBwE_AF79qyawBWt5GWZgXhDZ4qT4H9khWEUxGHUXhdWKHWN_ScHDLXMGlYMFh-M7IPOfuHe51ubVJPmvDByPak0bNf_A3FKA'
from oauth2-bundle.
@uxen-kv Do you get any response back with that cURL request? I get:
The resource server rejected the request.
If you don't get any response at all, something must be stripping your Authorization header.
from oauth2-bundle.
Yes I get a response, here is the request and the response with cURL:
* Trying 192.168.33.77...
* TCP_NODELAY set
* Connected to example.com (192.168.33.77) port 80 (#0)
> GET /public/index.php/api/v1.0/devices HTTP/1.1
> Host: example.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjZkMzBmMGZkZWFhMjhmNTNkNzFjNmVmYTNlZGMyNmE2YzQxODY5ZGQwZTI0MTUyYmUyZDkwMWM4YWFiZTI5NjVlNzM4NThmNzg3MjQ5NWI2In0.eyJhdWQiOiJ0ZXN0IiwianRpIjoiNmQzMGYwZmRlYWEyOGY1M2Q3MWM2ZWZhM2VkYzI2YTZjNDE4NjlkZDBlMjQxNTJiZTJkOTAxYzhhYWJlMjk2NWU3Mzg1OGY3ODcyNDk1YjYiLCJpYXQiOjE1NTA1MDM3MzEsIm5iZiI6MTU1MDUwMzczMSwiZXhwIjoxNTUwNTA3MzMxLCJzdWIiOiIiLCJzY29wZXMiOltdfQ.b3Fy7vKwPBJPkAmd15LBecfpLWOIBxcFExcwJ0yXR8sozi6NeFAqYkSGB0zvNR5KdmH0cRnqNSvKt7N4Bqwd-h0Nq5SJAEWngNEW-_o-8w6aQCrpyf7mNDyIuZ86a1YYqcv4fAKSIniHb8nZs7tnio7ZpNRYLmDKkJptEqw0FIrjd0dtNg96rGkdfDDE-WUXq084JdRHcN98TPxBx32WMpMYaQu8RHBBu-0aqS0I4mxA1biJuMn_NnBwE_AF79qyawBWt5GWZgXhDZ4qT4H9khWEUxGHUXhdWKHWN_ScHDLXMGlYMFh-M7IPOfuHe51ubVJPmvDByPak0bNf_A3FK
>
< HTTP/1.1 401 Unauthorized
< Date: Mon, 18 Feb 2019 15:45:33 GMT
< Server: Apache/2.4.7 (Ubuntu)
< WWW-Authenticate: Bearer
< Cache-Control: no-cache, private
< X-Debug-Token: fd6529
< X-Debug-Token-Link: http://example.com/public/index.php/_profiler/fd6529
< Content-Length: 0
< Content-Type: application/json
<
* Connection #0 to host example.com left intact
from oauth2-bundle.
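With a condition in the VirtualHost it's now working:
    RewriteEngine On
    # Capture the full Authorization header value into %1
    RewriteCond %{HTTP:Authorization} ^(.*)
    # Expose it to PHP as the HTTP_AUTHORIZATION environment variable
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
Thank you for your help and for your library, it saved me a lot of time!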
from oauth2-bundle.
Not a problem. I'm glad you've found this bundle useful. :-)
I'll update the documentation to provide this protip for Apache users.
from oauth2-bundle.
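A diagnostic for the symptom in this thread, as an added example that is not part of the original comments or the bundle's code: it reports where, or whether, the Authorization header reaches PHP behind Apache. The function name `findBearerToken` and the sample arrays are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: locate the bearer token in the variables PHP receives.
 * Returns [source, token]; both are null when no usable value arrived.
 */
function findBearerToken(array $server, array $requestHeaders = []): array
{
    // Places the header can surface, depending on the SAPI and rewrite setup.
    $candidates = [
        'HTTP_AUTHORIZATION' => $server['HTTP_AUTHORIZATION'] ?? null,
        // mod_rewrite prefixes its env vars with REDIRECT_ after an internal redirect.
        'REDIRECT_HTTP_AUTHORIZATION' => $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    foreach ($requestHeaders as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates['apache_request_headers()'] = $value;
        }
    }
    foreach ($candidates as $source => $value) {
        // Accept only a complete "Bearer <token>" value, not a fragment.
        if (is_string($value) && preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
            return [$source, $m[1]];
        }
    }
    return [null, null];
}

// Constructed samples, not captured from the server in this thread.
$stripped   = ['REQUEST_URI' => '/api/v1.0/devices'];  // Apache dropped the header
$truncated  = ['HTTP_AUTHORIZATION' => 'B'];           // one-character capture group forwards only this
$forwarded  = ['HTTP_AUTHORIZATION' => 'Bearer header.payload.signature'];
$redirected = ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer header.payload.signature'];

foreach (compact('stripped', 'truncated', 'forwarded', 'redirected') as $label => $server) {
    [$source, $token] = findBearerToken($server);
    printf("%-10s source=%s token=%s\n", $label, $source ?? 'none', $token ?? 'none');
}
```

On a live server, call it as `findBearerToken($_SERVER, function_exists('apache_request_headers') ? apache_request_headers() : [])` from a temporary, access-restricted script and log only the source, never the token.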