I'm using Symfony 7.1 and have installed lexikjwttoken.

I want to allow some routes to be called without authentication.

Here is my security.yml:

    security:
        password_hashers:
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

        providers:
            app_user_provider:
                entity:
                    class: App\Entity\User
                    property: email

        firewalls:
            login:
                pattern: ^/api/v1/auth/sign-in
                stateless: true
                custom_authenticator: App\Security\JwtCustomAuthenticator
            api:
                pattern: ^/api
                stateless: true
                jwt: ~

        access_control:
            - { path: ^/api/v1/auth/sign-in, roles: PUBLIC_ACCESS }
            - { path: ^/api/v1/auth/check-pin, roles: PUBLIC_ACCESS }
            - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

My route in the controller looks like this:

    #[Route('/check-pin', name: 'check_pin', methods: ['POST'])]
    public function checkPin(Request $request): JsonResponse
    {
        return $this->userTokenResponse->createSuccessResponse(200, ['token' => '111']);
    }

When I tried to make a POST request to /api/v1/auth/check-pin, I received:

    {
        "code": 401,
        "message": "Expired JWT Token"
    }

Any ideas why this happens? I have already added PUBLIC_ACCESS for this route.
