1
votes

I am trying to put JWT auth in front of my API: /api/docs. But I am currently getting an error while trying to get the token with this command:

curl -X POST -H "Content-Type: application/json" http://localhost/login_check -d '{"username":"johndoe","password":"test"}'

Of course, I replace the username and password.

Signature key "/var/www/config/jwt/private.pem" does not exist or is not readable. Did you correctly set the "lexik_jwt_authentication.signature_key" configuration key? (500 Internal Server Error)

security.yaml

    firewalls:
        login:
            pattern:  ^/login
            stateless: true
            anonymous: true
            provider: fos_userbundle_2
            json_login:
                check_path: /login_check
                username_path: username
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        main:
            pattern:   ^/
            provider: fos_userbundle_2
            stateless: true
            anonymous: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false


2
so, you can't create the private and public key, or what - J.Antonio

2 Answers

8
votes

Check privileges for reading and writing to files generated by openssl.

$ mkdir -p config/jwt
$ openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096
$ openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout

In my case before:

-rw-------    1 root     root          3434 Jul 26 21:21 private.pem
-rw-r--r--    1 root     root           800 Jul 26 21:21 public.pem

Then I ran

chmod 644 public.pem private.pem

Now:

-rw-r--r--    1 root     root          3434 Jul 26 21:21 private.pem
-rw-r--r--    1 root     root           800 Jul 26 21:21 public.pem

and it works.


Docs:

https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md#generate-the-ssh-keys

2
votes

In my local env -rw------- access works well, but in prod only -rw-r--r-- works, so I think if you run into this problem and are sure you have already created the pem files, you should change the permissions on private.pem and it will work as expected.
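
Added example, not part of either answer: a small checker that evaluates the owner, group and mode of the private key against the account PHP runs as, so the key can be made readable to that account without opening it to every local user. The account name `www-data`, the group name `jwt` and the suggested `chown`/`chmod 600` remedy are assumptions; GNU `stat` is assumed for `check_key`.

```sh
#!/bin/sh
# Added example (not from the original answers). Assumes GNU coreutils `stat`
# and a hypothetical PHP/web server account name such as www-data.

# classify_key MODE OWNER GROUP USER "USER_GROUPS"
# Prints one of: ok | unreadable | world-readable
classify_key() {
    ck_mode=$((0$1)); ck_owner=$2; ck_group=$3; ck_user=$4; ck_groups=$5
    # Any "other" read bit exposes the signing key to every local account.
    if [ $((ck_mode & 0004)) -ne 0 ]; then echo world-readable; return 0; fi
    if [ "$ck_owner" = "$ck_user" ]; then
        ck_bit=$((ck_mode & 0400))                          # owner class applies
    else
        case " $ck_groups " in
            *" $ck_group "*) ck_bit=$((ck_mode & 0040)) ;;  # group class applies
            *)               ck_bit=0 ;;                    # "other" has no read bit
        esac
    fi
    if [ "$ck_bit" -ne 0 ]; then echo ok; else echo unreadable; fi
}

# check_key FILE USER: inspect a real key file and print the verdict.
check_key() {
    ck_stat=$(stat -c '%a %U %G' "$1") || return 1
    ck_ugroups=$(id -Gn "$2") || return 1
    # Intentional word splitting: ck_stat holds "mode owner group".
    set -- "$1" "$2" $ck_stat
    ck_verdict=$(classify_key "$3" "$4" "$5" "$2" "$ck_ugroups")
    echo "$1: mode=$3 owner=$4 group=$5 -> $ck_verdict for $2"
    case $ck_verdict in
        ok) ;;
        *)  echo "suggested: chown $2 '$1' && chmod 600 '$1'" ;;
    esac
}

# Usage: sh check_key.sh config/jwt/private.pem www-data
if [ "$#" -ge 2 ]; then check_key "$1" "$2"; fi
```

The two listings in the first answer map to `unreadable` (root-owned, mode 600) and `world-readable` (mode 644) for a non-root PHP account; a key owned by that account with mode 600 reports `ok`.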