Registering the Authenticator (Part 2)

The authenticator class is done - well, done enough to see it working. Next, we need to register it as a service. Open up app/config/services.yml and add it: call it jwt_token_authenticator and set its class to AppBundle\Security\JwtTokenAuthenticator:

39 lines app/config/services.yml
# ... lines 1 - 5
services:
    # ... lines 7 - 35
    jwt_token_authenticator:
        class: AppBundle\Security\JwtTokenAuthenticator
        autowire: true

And instead of adding an arguments key: here's your permission to be lazy! Set autowire to true to make Symfony guess the arguments for us.

Finally, copy the service name and head into security.yml. Under the firewall, add a guard key, add authenticators below that and paste the service name:

32 lines app/config/security.yml
security:
    # ... lines 2 - 8
    firewalls:
        main:
            # ... lines 11 - 20
            guard:
                authenticators:
                    - 'jwt_token_authenticator'
    # ... lines 24 - 32

As soon as you do that, Symfony will call getCredentials() on the authenticator on every request. If we send a request that has an Authorization header, it should work its magic.
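
The per-request check described above, sketched as an added example (not the tutorial's own code; the authenticator's method bodies are not shown on this page). The function name and the sample header values are constructed, and it assumes the Guard behaviour of the Symfony versions this tutorial targets, where a null return from getCredentials() skips the authenticator and the request continues unauthenticated:

```php
<?php
// Added example: not the tutorial's JwtTokenAuthenticator code.
// classifyAuthorizationHeader() is a hypothetical helper name.

/**
 * Decide what a per-request credential check should do with the raw
 * Authorization header value (null when the header is absent).
 *
 * @return array [status, token] where status is 'skip', 'reject' or 'candidate'
 */
function classifyAuthorizationHeader($headerValue)
{
    // No header, or a scheme other than Bearer: nothing for this
    // authenticator to do, so the request continues unauthenticated.
    if (!is_string($headerValue)
        || !preg_match('/^Bearer(?: +(.*))?$/i', trim($headerValue), $m)) {
        return array('skip', null);
    }
    $token = isset($m[1]) ? $m[1] : '';
    // A signed JWT in compact form is three non-empty base64url segments.
    if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/', $token)) {
        return array('reject', null);
    }
    // Shape check only: signature and expiry still have to be verified.
    return array('candidate', $token);
}

// Constructed sample header values (not real tokens).
$samples = array(
    'no header'    => null,
    'basic auth'   => 'Basic dXNlcjpwYXNz',
    'empty bearer' => 'Bearer ',
    'two segments' => 'Bearer aaa.bbb',
    'no signature' => 'Bearer aaa.bbb.',
    'well-formed'  => 'bearer aaa.bbb.ccc',
);

foreach ($samples as $label => $value) {
    list($status, $token) = classifyAuthorizationHeader($value);
    printf("%-13s => %-9s %s\n", $label, $status, (string) $token);
}
```

The 'skip' case is why registering the authenticator does not by itself protect any endpoint: a request with no token is not rejected here, so access rules still have to require an authenticated user.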

Let's try it! Run our original testPOSTProgrammerWorks() test: this is sending a valid JSON web token.

./vendor/bin/phpunit --filter testPOSTProgrammerWorks

And this time... it passes!

Hold on, that's pretty amazing! The authenticator automatically decodes the token and authenticates the user. By the time ProgrammerController is executed, our user is logged in. In fact, there's one other spot we can finally fix.

Down on line 37, we originally had to make it look like every programmer was being created by weaverryan:

193 lines src/AppBundle/Controller/Api/ProgrammerController.php
// ... lines 1 - 18
class ProgrammerController extends BaseController
{
    // ... lines 21 - 24
    public function newAction(Request $request)
    {
        // ... lines 27 - 36
        $programmer->setUser($this->findUserByUsername('weaverryan'));
        // ... lines 38 - 50
    }
    // ... lines 52 - 191
}

Without authentication, we didn't know who was actually making the API requests, and since every Programmer needs an owner, this hack was born.

Replace this with $this->getUser():

193 lines src/AppBundle/Controller/Api/ProgrammerController.php
// ... lines 1 - 18
class ProgrammerController extends BaseController
{
    // ... lines 21 - 24
    public function newAction(Request $request)
    {
        // ... lines 27 - 36
        $programmer->setUser($this->getUser());
        // ... lines 38 - 50
    }
    // ... lines 52 - 191
}

That's it.

Our controller doesn't know or care how we were authenticated: it just cares that $this->getUser() returns the correct user object.

Run the test again.

./vendor/bin/phpunit --filter testPOSTProgrammerWorks

It still passes! Welcome to our beautiful JWT authentication system. Now, time to lock down every endpoint: I don't want other users messing with my code battlers.

Leave a comment!

  • 2016-12-06 Victor Bocharsky

    Hey Zuhayer,

    When you have more than one service which extends the same class, you need to stop using "autowire: true" and set your dependencies manually. It's normal behavior - the system just can't determine by itself which service to inject. So you have to take this work on yourself. It's rare, but sometimes it happens, like in your example with SonataAdminBundle.

    Cheers!

  • 2016-12-06 Zuhayer Tahir

    When I configure autowire I get an error:

    jwt_token_authenticator:
        class: AppBundle\Security\JwtTokenAuthenticator
        autowire: true
    Unable to autowire argument of type "Doctrine\ORM\EntityManager" for the service "jwt_token_authenticator". Multiple services exist for this class (doctrine.orm.default_entity_manager, sonata.admin.entity_manager).

    How to resolve this error, or is this normal behavior when using SonataAdminBundle?
    ------------
    Currently I am manually configuring and it works:

    arguments: ['@lexik_jwt_authentication.encoder', '@doctrine.orm.entity_manager', '@api.response_factory']

  • 2016-09-07 Victor Bocharsky

    Hey Rakib,

    It's weird. Could you please show the current content of your security.yml file? At least the security.firewalls section. You could show it in a comment here or, better, use a GitHub Gist for that.

    Cheers!

  • 2016-09-06 Rakib Ahmed Shovon

    [Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
    Unrecognized option "guard" under "security.firewalls.main"
    Why unrecognized? Can't move forward :-(
    Did as you said. Help pls.