Trying to use it with mongo, but the user login_check payload is empty

[ProteanCode]

Hi there

I am trying to use that library with a mongodb,so I started from there
https://github.com/lexik/LexikJWTAuthenticationBundle/blob/2.x/Resources/doc/8-jwt-user-provider.rst

But after doing a POST request I get an error that

Warning: Undefined array key "roles"

Actually the whole payload is empty...

I am confused, there is no reason for the payload to be empty

[fd6130]

Hi, can you post your security.yaml and also the user provider use for authentication in your project?

[ProteanCode]

security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        jwt:
            lexik_jwt:
                class: App\Security\User

    firewalls:
        login:
            pattern: ^/api/login
            stateless: true
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        api:
            pattern:   ^/api
            stateless: true
            provider: jwt
            jwt:
                authenticator: app.custom_authenticator

        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: jwt

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/login, roles: PUBLIC_ACCESS }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

when@test:
    security:
        password_hashers:
            # By default, password hashers are resource intensive and take time. This is
            # important to generate secure password hashes. In tests however, secure hashes
            # are not important, waste resources and increase test times. The following
            # reduces the work factor to the lowest possible values.
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: auto
                cost: 4 # Lowest possible value for bcrypt
                time_cost: 3 # Lowest possible value for argon
                memory_cost: 10 # Lowest possible value for argon

<?php

namespace App\Security;

use Lexik\Bundle\JWTAuthenticationBundle\Security\User\JWTUser;
use Lexik\Bundle\JWTAuthenticationBundle\Security\User\JWTUserInterface;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;

final class User extends \App\Document\User implements JWTUserInterface, PasswordAuthenticatedUserInterface
{
    public function __construct($username, array $roles, $email)
    {
        $this->username = $username;
        $this->roles = $roles;
        $this->email = $email;
    }

    public static function createFromPayload($username, array $payload)
    {
        return new self(
            $username,
            $payload['roles'], // Added by default
            $payload['email']  // Custom
        );
    }

    public function getRoles(): array
    {
        return [];
    }

    public function eraseCredentials()
    {
    }

    public function getUserIdentifier(): string
    {
        return $this->id;
    }

    public function getPassword(): ?string
    {
        return null;
    }
}

<?php

namespace App\Security;

use Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\JWTAuthenticator;

class CustomAuthenticator extends JWTAuthenticator
{

}

[chalasr]

Is the token produced by the very same application, using this bundle?
Can you try decoding a token that triggers the issue on https://jwt.io and check if the roles claim is present?

[ProteanCode]

Is the token produced by the very same application, using this bundle? Can you try decoding a token that triggers the issue on https://jwt.io and check if the roles claim is present?

Yes, it is going to be produced by the same application using this bundle.
No, I do not have a token yet, I am just trying to login using username and password for now by sending post request to login_check

[chalasr]

Oh ok it's not when using a token but when trying to get one. The main target of this feature is to allow not querying the database on token-authenticated requests, so you only need to hit the database once when obtaining a token. And to obtain a token, you need a regular user class and user provider such as https://symfony.com/doc/current/security/user_providers.html#entity-user-provider. The database-less user provider is mostly useful for server-to-server interactions.
If you want to use this bundle the classic way i.e. authenticating a user that exists in your database, then you may not need to use the database-less JWTUserProvider and JWTUser class at all but just follow the getting started document.
If it's still unclear, please tell us more about your use case.

[chalasr]

Ah cool!

[chalasr]

I believe you can mark the discussion as "answered" somehow, if you find, please consider doing it :)

[ProteanCode]

I believe you can mark the discussion as "answered" somehow, if you find, please consider doing it :)

Oddly I cannot

[chalasr]

Well, not a big deal 🤷‍♂️ Thanks anyway

[ProteanCode]

Well, not a big deal man_shrugging Thanks anyway

Got it. Had to move it from "General" to "Q & A" in discussion settings