JWTRefreshTokenBundle: Symfony 5.4 error AbstractGuardAuthenticator

Since Symfony 5.4, I have an error with the bundle.

Attempted to load class "AbstractGuardAuthenticator" from namespace "Symfony\Component\Security\Guard".
Did you forget a "use" statement for another namespace?

class RefreshTokenAuthenticator extends AbstractGuardAuthenticator

Could you help me to update the bundle ?

About this issue

  • Original URL
  • State: open
  • Created 2 years ago
  • Reactions: 2
  • Comments: 28 (13 by maintainers)

Most upvoted comments

Without controller: getting this error: Unable to find the controller for path "/api/token/refresh". The route is wrongly configured.

+5
ajay-gupta on Jan 24, 2022

You shouldn’t need it, https://github.com/markitosgv/JWTRefreshTokenBundle#define-the-refresh-token-route is pretty much the exact same thing I’m saying here with removing the controller key. https://github.com/markitosgv/JWTRefreshTokenBundle/issues/255#issuecomment-931211151 is the only other time I’ve seen that one referenced and there wasn’t really a “fix” shared beyond just rebuilding the route configuration.

+4
mbabker on Jan 24, 2022

Remove the controller: gesdinet.jwtrefreshtoken::refresh config from the route. That line is only required for folks using Symfony 4.4 applications and will break a Symfony 6 application because the Security-Guard component is not supported on Symfony 6.

+2
mbabker on May 5, 2022

The 1.1 release should fix this.

+2
mbabker on Apr 11, 2022

Remove the controller: line from the route definition, it’s not needed with the newer authenticator.

+2
mbabker on Jan 24, 2022

Sorry for my security.yaml😅 I hope I was able to help you solve you problem!🤜🏼🤛🏼

+1
blosky01 on May 5, 2022

@blosky01 Thank you (it’s difficult to read your security.yaml ^^). I think it works, when I make a POST request to /api/token/refresh, the results contains a token and refresh_token ?

image

security.yaml:

security:
    enable_authenticator_manager: true

    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        App\Entity\User:
            algorithm: auto

    providers:
        user:
            entity:
                class: App\Entity\User
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        admin:
            pattern: ^/admin
            provider: user
            entry_point: form_login
            custom_authenticators:
                - App\Security\AdminAuthenticator
            form_login:
                provider: user
                login_path: admin_login
                check_path: admin_login_check
                failure_path: admin_login
                default_target_path: admin
                use_forward: false
                use_referer: true
                enable_csrf: true
            logout:
                path: admin_logout
                target: admin_login

        api:
            pattern: ^/api
            stateless: true
            json_login:
                check_path: /api/login
                username_path: email
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            entry_point: jwt
            jwt: ~
            refresh_jwt:
                check_path: /api/token/refresh
                provider: user
            switch_user: false
            logout:
                path: api_token_invalidate

    access_control:
        - { path: ^/api/token/refresh, roles: PUBLIC_ACCESS }
        - { path: ^/api/docs, roles: ROLE_ADMIN }
        - { path: ^/api/login, roles: PUBLIC_ACCESS }
        - { path: ^/admin/login, roles: PUBLIC_ACCESS }
        - { path: ^/admin, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

routes.yaml:

api_login_check:
    path: /api/login
    methods: ['POST']

controllers:
    resource: ../src/Controller/
    type: annotation

kernel:
    resource: ../src/Kernel.php
    type: annotation

api_token_refresh:
    path: /api/token/refresh
    controller: gesdinet.jwtrefreshtoken::refresh

api_token_invalidate:
    path: /api/token/invalidate
+1
valentin-harrang on May 5, 2022

If you’re getting an error about the Symfony\Component\Security\Guard\AbstractGuardAuthenticator class missing, then something’s still trying to use it (maybe not this bundle specifically but somewhere in your app). Try to get a full stack trace for the error to figure out what’s calling it, that will help greatly in finding the source of the problem.

For this bundle’s CI, symfony/security-guard is explicitly removed before running the tests in the Symfony 6 environment. So there is a bit of a sanity check here with the tests to make sure that nothing’s trying to use the Security-Guard component in an unsupported environment.

+1
mbabker on Jan 21, 2022
Read more comments on GitHub
← JWTRefreshTokenBundle: Error in RefreshTokenManager - Support for doctrine/common +3.0
JWTRefreshTokenBundle: Symfony 6 Unable to find the controller for path "/api/token/refresh". The route is wrongly configured. →