JWTRefreshTokenBundle: Symfony 6 Unable to find the controller for path "/api/token/refresh". The route is wrongly configured.
In symfony 6 refresh token not working properly because it unable to find the controller. Do you have any solution for this case ?
security.yaml -> firewalls:
# ...
firewalls:
api_token_refresh:
pattern: ^/api/token/refresh
stateless: true
refresh_jwt: ~
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
json_login:
check_path: /api/login
username_path: uusr_login
password_path: uusr_pass
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api/
stateless: true
provider: app_user_provider
jwt: ~
main:
provider: app_user_provider
logout:
path: app_logout
# ...
router.yaml:
api_login:
path: /api/login
methods: ['POST']
gesdinet_jwt_refresh_token:
path: /api/token/refresh
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 11
- Comments: 26 (3 by maintainers)
Hi !
I recently had the same problem with Symfony 6.2 and PHP 8.1.
Fortunately, I got the solution.
It seems that the refresh route has been configured to accept only some pattern of url. I test some url for this route and the controller was not the problem. The problem came from the path of our routes. By the look of it, routes path like
/auth/refresh/tokenare bad where routes path likeapi/refresh/token(whith is recommended by the bundle in doc),refresh/tokenortoken/refreshare good !I don’t take more time to test which path occur an error or not but I think the problem is that the bundle auto configure some routes path and not others.
That is my configuration :
I have removed the path configuration in
config/routes/gesdinet_jwt_refresh_token.yamlcreated by Symfony Recipes, with this configuration it will not work again. I recommend you to remove this file because it isn’t helpful anymore. Then, my configuration is like this :Now, it works so good ! So. That solution is just temporary, I guest they will fix it. I wish I helped you. 👍🏾
This happens because in the latest release the authenticator only reports support for requests where the refresh token is present. A fix has been merged (just now) but has not yet been included in a release.
So sending an empty request will result in a 404, but using the route as intended (ie. sending the refresh token with the request in a manner the extractor can find it) should work as expected.
Until the next release, a dirty work-around could be to add the following to your route configuration:
In this case, using the route as intended will still trigger the authenticator system (and not use the defined controller) but any request to the same path where the authenticator does not trigger, will end up using the controller instead of returning a 404. Just don’t forget to remove the controller config when a new version is released.
See 1 and 2.
If anyone have route issues configuring this with SF 6.1, here is my solution: Add users provider to refresh firewall, configure new route with different path than
/api/token/refresh. For example:Work well with configuration :
You need to add provider to api_token_refresh
Ex:
after a LOT of debugging, I found that the solution is to simply add
check_path: gesdinet_jwt_refresh_tokenin the security.yaml, like this:hello, i dont know if u still need the solution , any way this ts my configuration and it works jut fine : symfony 6.2 on the routes.yaml file :
api_refresh_token: path: /api/token/refresh
on the security.yaml file this is my firewall :
also do not forget to add the access control :
@SergeMezui16 Very very thanks! ❤️ Your solution works! 😀
@youassi that is working, thanks!
Same issue here, the comment from @mv-developer didn’t solved the problem…