LexikJWTAuthenticationBundle: Unable to create a signed JWT from the given configuration

Hi,

In version 2.4.4 everything works fine, but in 2.5, when I POST to https://localhost/login_check with a valid email and password and it passes to AuthenticationSuccessHandler.php, I get this error:

    {
      "error": {
        "code": 500,
        "message": "Internal Server Error",
        "exception": [
          {
            "message": "Unable to create a signed JWT from the given configuration.",
            "class": "Lexik\\Bundle\\JWTAuthenticationBundle\\Exception\\JWTEncodeFailureException",
            "trace": [
              {
                "namespace": "", "short_class": "", "class": "", "type": "", "function": "",
                "file": "/var/www/mumablue/vendor/lexik/jwt-authentication-bundle/Encoder/LcobucciJWTEncoder.php",
                "line": 41,
                "args": []
              },
              {
                "namespace": "Lexik\\Bundle\\JWTAuthenticationBundle\\Encoder",
                "short_class": "LcobucciJWTEncoder",
                "class": "Lexik\\Bundle\\JWTAuthenticationBundle\\Encoder\\LcobucciJWTEncoder",
                "type": "->",
                "function": "encode",
                "file": "/var/www/mumablue/vendor/lexik/jwt-authentication-bundle/Services/JWTManager.php",
                "line": 64,
                "args": [ [ "array", { "roles": [ "array", [ [ "string", "STRING" ], [ "string", "ROLE_USER" ] ] ], "username": [ "string", "string2" ] } ] ]
              },
              ..........
            ]
          }
        ]
      }
    }

What is the problem?

This is my configuration file:

Security

    security:
        encoders:
            App\Entity\User: {algorithm: sha512, iterations: 10}

        role_hierarchy:
            ROLE_ACCOUNTING: [ROLE_USER]

        providers:
            fos_userbundle:
                id: fos_user.user_provider.username_email

        firewalls:
            login:
                pattern:  ^/login
                stateless: true
                anonymous: true
                provider: fos_userbundle
                json_login:
                    check_path: api_login_check
                    username_path: email
                    password_path: password
                    success_handler: lexik_jwt_authentication.handler.authentication_success
                    failure_handler: lexik_jwt_authentication.handler.authentication_failure

            api:
                pattern:   ^/api
                provider: fos_userbundle
                stateless: true
                anonymous: true
                guard:
                    authenticators:
                        - lexik_jwt_authentication.jwt_token_authenticator

            dev:
                pattern:  ^/(_(profiler|wdt)|css|images|js)/
                security: false

            main:
                pattern: ^/
                anonymous:    true

        access_control:
            - { path: ^/api/users, role: IS_AUTHENTICATED_ANONYMOUSLY, methods: [POST]  }
            - { path: ^/api/, roles: [ IS_AUTHENTICATED_FULLY ] } #IS_AUTHENTICATED_FULLY
            - { path: ^/api, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }

Routing

    api_login_check:
        path: /login_check
        defaults:
            _format: json
        methods: [POST]

JWT

    lexik_jwt_authentication:
        private_key_path: '%env(resolve:JWT_PRIVATE_KEY_PATH)%' # required for token creation
        public_key_path: '%env(resolve:JWT_PUBLIC_KEY_PATH)%' # required for token verification
        pass_phrase: '%env(resolve:JWT_PASSPHRASE)%' # required for token creation
        token_ttl: '%env(resolve:JWT_TTL)%'

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 5
  • Comments: 31

Most upvoted comments

@tarlepp Check that the pass phrase used in the generation of the keys (Verifying - Enter pass phrase for config/jwt/private.pem:) is the same one that is configured in the project JWT settings (JWT_PASSPHRASE).

I recreated my public and private keys and it works. https://github.com/chalasr/lexik-jwt-authentication-sandbox/issues/14

I had this issue, though note it wasn’t specific to v2.5, this was my first time using the bundle. I’ve detailed the steps I took to debug and resolve the problem in the hopes that it might help you.

The error message in your title is found in LcobucciJWTEncoder.php and shows up when the $jws->isSigned() condition fails. Signing should be occurring in LcobucciJWSProvider.php and if you dump $e->getMessage() at line 96 you may see something similar to this:

“It was not possible to parse your key, reason: error:0906D06C:PEM routines:PEM_read_bio:no start line”

Chasing the error message again once more may lead you to the validateKey() method of lcobucci/jwt/src/Signer/Rsa.php. Here I found my key was set to false, and to determine why, I dumped the key at the top of this file at the beginning of the createHash() method. With this I noticed the private key was being read from ~/project/config/jwt/private.pem whereas, for my directory structure, it should be using ~/project/app/config/jwt/private.pem.

This turned out to be a relatively simple configuration fix of changing the keys to be read from '%kernel.project_dir%/app/config/jwt/...', which I hadn’t noticed when copy-pasting from the docs!

Just set your passphrase in JWT_PASSPHRASE in your lexik_jwt_authentication.yaml file.

I have the same problem. Getting the error message: “Unable to create a signed JWT from the given configuration.”

I have regenerated my keys etc. None of that is working. But I found the cause / workaround.

My lexik_jwt_authentication.yaml is as follows:

    lexik_jwt_authentication:
        private_key_path: '%env(resolve:JWT_SECRET_KEY)%'
        public_key_path: '%env(resolve:JWT_PUBLIC_KEY)%'
        pass_phrase: '%env(resolve:JWT_PASSPHRASE)%'

If I hardcode my passphrase here instead of using the env variable, it works.

Using version 2.6 of the bundle, make sure you have your passphrase added in the .env file.
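
The causes reported in the comments above (a key path that resolves to the wrong directory, and a JWT_PASSPHRASE that differs from the one entered when the keys were generated) can be checked with openssl outside the application. This is an added example, not code from the bundle or from any commenter; the function name `check_jwt_keys` and its return codes are assumptions, and it goes one step beyond the thread by also confirming that the public key belongs to the private key.

```shell
#!/bin/sh
# check_jwt_keys <private.pem> <public.pem> <passphrase>
# Hypothetical helper (not part of LexikJWTAuthenticationBundle).
# Return codes: 0 = consistent, 1 = file not readable (wrong path),
#               2 = key cannot be loaded (bad passphrase or not PEM),
#               3 = public key does not belong to the private key.
check_jwt_keys() {
    priv=$1
    pub=$2

    # Cause 1: the configured path resolves somewhere the key is not.
    for f in "$priv" "$pub"; do
        if [ ! -r "$f" ]; then
            echo "not readable: $f (check the resolved key path)" >&2
            return 1
        fi
    done

    # Cause 2: the passphrase does not decrypt the private key.
    # It is handed to openssl through the environment, not the argument list.
    derived=$(JWT_CHECK_PASS="$3" openssl pkey -in "$priv" \
        -passin env:JWT_CHECK_PASS -pubout 2>/dev/null) || {
        echo "cannot load $priv with the configured passphrase" >&2
        return 2
    }

    # Normalise the configured public key so the two PEM blocks compare equal.
    configured=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null) || {
        echo "cannot parse $pub as a PEM public key" >&2
        return 2
    }

    if [ "$derived" != "$configured" ]; then
        echo "$pub does not match $priv" >&2
        return 3
    fi
    echo "key pair and passphrase are consistent"
}

# Stand-alone use: JWT_PASSPHRASE=... sh check.sh config/jwt/private.pem config/jwt/public.pem
if [ "$#" -eq 2 ]; then
    check_jwt_keys "$1" "$2" "$JWT_PASSPHRASE"
fi
```

Run it with the same environment the application sees (for example after loading the project's .env), so that an unset or different JWT_PASSPHRASE shows up as return code 2.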