8

我想在 Swagger 上添加“授权”按钮,如下所述:https ://api-platform.com/docs/core/jwt#documenting-the-authentication-mechanism-with-swaggeropen-api

我安装了 LexikJWTAuthenticationBundle,它适用于 Curl。但是当我浏览到http://localhost:8000/api时,我只看到{"code":401,"message":"JWT Token not found"}.

我错过了什么吗?

这是我的security.yaml

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        db_provider:
            entity:
                class: App\Entity\User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api_login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            form_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        main:
            pattern: ^/
            anonymous: ~
            provider: db_provider
            form_login:
                login_path: app_security_login
                check_path: app_security_login
                csrf_token_generator: security.csrf.token_manager
            logout:
                path: /logout
                target: /
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800
                path: /

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    access_decision_manager:
        strategy: unanimous

我的api_platform.yaml

api_platform:
    title: 'My project'
    version: '0.0.1'
    mapping:
        paths: ['%kernel.project_dir%/src/Entity']
    swagger:
         api_keys:
             apiKey:
                name: Authorization
                type: header
4

3 回答 3

9

有点晚了,但我遇到了同样的问题。您的安全配置声明任何以开头的路由都/api需要身份验证,其中包括/api自身。如果您想在/api路由上保留文档,请在安全配置中添加尾部斜杠;

firewalls:
    ...
    api:
        pattern: ^/api/


access_control:
    - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }

这将/api保持可公开访问的状态,同时需要提供有效的令牌/api/*

或者,您可以保留安全配置,并将文档移动到不同的 URL(例如/docs)。为此,您可能需要根据其他规则添加/docsIS_AUTHENTICATED_ANONYMOUSLY路径。access_control

然后,当可以访问文档页面时,单击页面顶部的AuthorizeBearer <valid JWT token>按钮并输入。

于 2018-04-22T14:51:46.497 回答
2

它很旧,但这是 2021 年的解决方案

你必须装饰开放的api工厂

编辑 :

不要在授权名称和方案密钥中添加连字符 (-),否则将不起作用(可能是其他特殊字符)

在 config/packages/api_platform.yaml 中:

swagger:
    versions: [3]
    api_keys:
        JWT: // The name of the authorization to display on swagger UI
            name: Authorization
            type: header

在 config/services.yaml 中:

App\OpenApi\JwtDecorator:
decorates: 'api_platform.openapi.factory'
arguments: [ '@App\OpenApi\JwtDecorator.inner' ]
autoconfigure: false
enter code here

装饰服务:在 OpenApi\JwtDecorator

class JwtDecorator implements OpenApiFactoryInterface
{
    public function __construct(
        private OpenApiFactoryInterface $decorated
    ) {}

    public function __invoke(array $context = []): \ApiPlatform\Core\OpenApi\OpenApi
    {
        $openApi = ($this->decorated)($context);

        $schemas = $openApi->getComponents()->getSecuritySchemes();
        $schemas['JWT'] = new \ArrayObject([
            'type' => 'http',
            'scheme' => 'bearer',
            'bearerFormat' => 'JWT'
        ]);

        return $openApi;
    }
}
于 2021-11-01T18:43:16.817 回答
0

我可以解决我的问题。在我的情况下,问题是,在public 和 private openssl keys中。首先我修复了它,第二个问题是编码。我使用下面的源来实现结果。只需看看 LexikJWTAuthenticationBundleSandbox下面的链接

于 2018-03-27T07:09:44.283 回答