Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Symfony JWT token: exception when token is expired

Tags:

symfony

lexikjwtauthbundle

symfony-3.1

I am using JWT Token Bundle for user authentication. When the token is expired I get 500 server error. Instead of this how can I return JsonResponse with error code and message?

Here is my authenticator class:

 class JwtTokenAuthentication extends AbstractGuardAuthenticator
{
/**
 * @var JWTEncoderInterface
 */
private $jwtEncoder;

/**
 * @var EntityManager
 */
private $em;

public function __construct(JWTEncoderInterface $jwtEncoder, EntityManager $em)
{
    $this->jwtEncoder = $jwtEncoder;
    $this->em = $em;
}


public function getCredentials(Request $request)
{
    $extractor = new AuthorizationHeaderTokenExtractor(
        'Bearer',
        'Authorization'
    );
    $token = $extractor->extract($request);
    if (!$token) {
        return null;
    }

    return $token;
}

public function getUser($credentials, UserProviderInterface $userProvider)
{
    $data = $this->jwtEncoder->decode($credentials);
    if(!$data){
      return null;
    }
    $user = $this->em->getRepository("AlumnetCoreBundle:User")->find($data["email"]);
    return $user;
}

public function checkCredentials($credentials, UserInterface $user)
{
    return true;
}

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    //todo
}

public function start(Request $request, AuthenticationException $authException = null)
{
    return new JsonResponse([
        'errorMessage' => 'auth required'
    ], Response::HTTP_UNAUTHORIZED);
}
}
like image 975
blahblah Avatar asked Oct 30 '22 09:10

blahblah

1 Answers

You can decode the token in a try-catch:

try {
    $data = $this->jwtEncoder->decode($credentials);
} catch (\Exception $e) {
    throw new \Symfony\Component\Security\Core\Exception\BadCredentialsException($e->getMessage(), 0, $e);
}

But you might have to implement the missing onAuthenticationFailure since throwing this exception will make it called. Something like:

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    return new JsonResponse([
        'errorMessage' => $exception->getMessage(),
    ], Response::HTTP_UNAUTHORIZED);
}

Btw, LexikJWTAuthenticationBundle comes with a built-in JWTTokenAuthenticator since its 2.0 version. I suggest you to try using it before implementing your own authenticator, or at least extend it.

like image 86
chalasr Avatar answered Jan 02 '23 20:01

chalasr
Sign in to Comment

Related questions

Symfony2: Creating entity table conditionally
Advice for implementing field whitelists with Symfony/FosRestBundle/JMS Serializer
PayPal REST API: Fulfill Order/Payment on Redirect URL or on Webhook call?
Symfony 2.5 : sql query with Where IN Clause using an array as a parameter
Symfony Password Reset without FOS Bundle
Symfony2 run console command in background
PHP7 + Symfony 3.1.0 + Vagrant: Failed to write session data
Symfony Doctrine schema update not detecting changes with nullable datetime
unable to transform value for property path "tagname". Expected a Doctrine\Common\Collections\Collection object
Swiftmailer Attachment error (unable to open file for reading) on symfony2 project
Cannot normalize attribute "timezone" because injected serializer is not a normalizer
Use \PHPUnit_Framework_TestCase or ..\TestCase
JMS Serializer not serializing child classes
Symfony3 Keeping locale after login
Proper development environment for Symfony2 Windows/Linux
Symfony how to parse RSS feed on Twig
php bin/console symfony commands give a fatal error
how to get the current locale in symfony 2.3?
Assetic - Route "_assetic_001d5b7_0" does not exist
User Deprecated: Doctrine\Common\ClassLoader is deprecated

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!