Laravel jwt auth Token Signature could not be verified - php

I am facing a very strange problem. If I enter the following URL in my browser, it returns the user correctly:
http://192.168.0.100:8000/app/getUser?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC8xOTIuMTY4LjAuMTAwOjgwMDBcL2FwcFwvbG9naW4iLCJpYXQiOjE1Nzk5NjAwMTcsImV4cCI6MjQyODU4ODAwMTcsIm5iZiI6MTU3OTk2MDAxNywianRpIjoiYlFiYXIyVEJIdVJNN1lUSCIsInN1YiI6MTcsInBydiI6Ijg3ZTBhZjFlZjlmZDE1ODEyZmRlYzk3MTUzYTE0ZTBiMDQ3NTQ2YWEifQ.KLsnS769zthfFWth5Z4BeWDP6K0zEQ5eTONpKdlJMbA
But if I send a GET request from Postman or my app, it gives me an error like this:
[2020-01-25 13:49:43] local.ERROR: Token Signature could not be verified. {"userId":17,"exception":"[object] (Tymon\\JWTAuth\\Exceptions\\TokenInvalidException(code: 0): Token Signature could not be verified. at /Users/mdzainalabedin/laravel/olvboxapi/vendor/tymon/jwt-auth/src/Providers/JWT/Lcobucci.php:137)
[stacktrace]
#0 /Users/mdzainalabedin/laravel/olvboxapi/vendor/tymon/jwt-auth/src/Manager.php(101): Tymon\\JWTAuth\\Providers\\JWT\\Lcobucci->decode('eyJ0eXAiOiJKV1Q...')
#1 /Users/mdzainalabedin/laravel/olvboxapi/vendor/tymon/jwt-auth/src/JWT.php(200): Tymon\\JWTAuth\\Manager->decode(Object(Tymon\\JWTAuth\\Token))
My function is this
public function getUserInfo(Request $request){
    \Log::info($request);
    return $user = JWTAuth::parseToken()->authenticate();
}
Both have the same valid token but still give different results. Any idea what could be wrong? Thank you.

Your question is unclear about how you pass the token using Postman,
but I guess passing the token using the method below would solve the problem:
Bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC8xOTIuMTY4LjAuMTAwOjgwMDBcL2FwcFwvbG9naW4iLCJpYXQiOjE1Nzk5NjAwMTcsImV4cCI6MjQyODU4ODAwMTcsIm5iZiI6MTU3OTk2MDAxNywianRpIjoiYlFiYXIyVEJIdVJNN1lUSCIsInN1YiI6MTcsInBydiI6Ijg3ZTBhZjFlZjlmZDE1ODEyZmRlYzk3MTUzYTE0ZTBiMDQ3NTQ2YWEifQ.KLsnS769zthfFWth5Z4BeWDP6K0zEQ5eTONpKdlJMbA
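
How an HS256 signature check of the kind that raised the error above works, and how a token that arrives without the "Bearer " prefix or with a single character lost is rejected. This is an added example, not code from the thread or from tymon/jwt-auth; the secret, the claims and all function names are constructed for illustration.

```php
<?php
// Added illustration in plain PHP; this is not tymon/jwt-auth code.
// The secret and the claims are constructed sample values.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}

// Accept only "Bearer <token>" as the Authorization header value.
function bearer_token(?string $authorization): ?string {
    if ($authorization !== null && preg_match('/^Bearer\s+(\S+)$/i', trim($authorization), $m)) {
        return $m[1];
    }
    return null;
}

function sign_hs256(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Returns the claims, or null when the token is malformed or the signature does not match.
function verify_hs256(?string $jwt, string $secret): ?array {
    $parts = explode('.', (string) $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $hdr = json_decode(b64url_decode($head), true);
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== 'HS256') return null;  // pin the algorithm
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) return null;  // constant-time comparison
    $claims = json_decode(b64url_decode($body), true);
    return is_array($claims) ? $claims : null;
}

$secret = 'constructed-demo-secret';
$jwt = sign_hs256(['sub' => 17, 'exp' => time() + 3600], $secret);

var_dump(verify_hs256(bearer_token("Bearer $jwt"), $secret));                   // well-formed header
var_dump(verify_hs256(bearer_token('Bearer ' . substr($jwt, 0, -1)), $secret)); // last character lost
var_dump(verify_hs256(bearer_token($jwt), $secret));                            // "Bearer " prefix missing
var_dump(verify_hs256($jwt, 'a-different-secret'));                             // signed with another key
```

The sketch checks the signature only; expiry (exp) and not-before (nbf) claims need their own validation after the signature passes.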

Related

Response in laravel component

I have a component SeenRecentlyProduct and return code:
return response()->view('components.products.seen-recently-product', compact('seenRecentlyProducts'))
->withCookie($cookie);
I get an error:
Illegal offset type in isset or empty
If I write this code in the controller, it works well. If I remove response() from the component, the same works well. Help please resolve the issue with the response and cookie in the component.

How to revoke Application permission on a user profile programmatically using PHP SDK v5.x for Facebook

I am new to Facebook Application development.
At a point in my App, I want to revoke the permissions that my App has on the user's profile.
At this time, I want to run code that will take back all the set permissions for the App on the user's profile.
I have searched the web and I found:
https://developers.facebook.com/docs/facebook-login/permissions/requesting-and-revoking
I want to see some working code to revoke all the permissions that my App has on this user's profile.
What is the delete endpoint and how do I call it?
I have tried to do this:
$response = $fb->delete("/permissions", $_SESSION['fb_access_token']);
But this does not work; it gives me the following error:
"
Fatal error: Uncaught TypeError: Argument 2 passed to Facebook\Facebook::delete() must be of the type array,
string given, called in /index.php on line 454 and defined in Facebook/Facebook.php:383
Stack trace: #0 /index.php(454): Facebook\Facebook->delete('/permissions', 'ahkadhkdhkdahkadhs...')
#1 index.php(102): step2_sub_step3(Object(Facebook\Facebook)) #2 {main} thrown in Facebook/Facebook.php on line 383
"
According to the documentation, the actual endpoint is
DELETE /{user-id}/permissions
And, the method signature is
public function delete($endpoint, array $params = [], $accessToken = null, $eTag = null, $graphVersion = null);
So your code would look more like this:
$response = $fb1->delete("/" . $userID . "/permissions", [], $_SESSION['fb_access_token']);
Notice that you need to get the user's ID first. Or, if the user is already logged in, you can use
$response = $fb1->delete("/me/permissions", [], $_SESSION['fb_access_token']);

Lumen - Expect Authentication Error In Test

When I try to access an endpoint of the API without a token I get an error, as I should. For my test I want to test that I can't access an endpoint without a token. The error that appears is:
Invalid JSON was returned from the route. Perhaps an exception was thrown?
How would I test to expect this error?

How can I throw a 403 exception in Symfony2?

I am doing a check if there is a specific token in my request URI and throw a Symfony\Component\Security\Core\Exception\AccessDeniedException if there is no token or the token is wrong.
if (!isset($token) || $token != 'whatever') {
    throw new AccessDeniedException('No token given or token is wrong.');
}
But when I use this AccessDeniedException, Symfony2 simply redirects to the login page. Instead, I would like to have a dedicated 403 error page (I already created app/Resources/TwigBundle/views/Exceptions/error403.html.twig file).
What would I have to change in order to achieve this? Do I have to use a PHP native Exception? But how can I tell to pass a 403 error code?
Does Symfony2 maybe have a specific 403-Exception which doesn't simply redirect to login?
Throw Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException.
That will bypass the security system and give you a 403 response which in turn will get picked up by the twig exception listener.
As of Symfony 2.6 you can use the following controller shortcut that will trigger the good exception for you:
return $this->denyAccessUnlessGranted('ROLE_EDIT', $item, 'You cannot edit this item.');

'Bad credentials' with Symfony2 authentication custom provider

I have a project with simple authentication against a MySQL database with username and password. I have a simple authentication form with 3 fields: pass, user and yubico key. I want to have two variants of authentication: by login+pass and by yubico key only. I have now created a custom Authentication Provider following the tutorial in this topic.
As a result, it does not work. I get this error log:
exception
'Symfony\Component\Security\Core\Exception\BadCredentialsException'
with message 'Bad credentials' in
E:\Dropbox\hmciAdmin\vendor\symfony\symfony\src\Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider.php:70
Stack trace: #0 E:\Dropbox\hmciAdmin\app\cache\dev\classes.php(183):
session_start() #1
E:\Dropbox\hmciAdmin\app\cache\dev\classes.php(277):
Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start()
My code here:
https://dl.dropbox.com/u/30086473/Authentication/Firewall/YubicoListener.php
https://dl.dropbox.com/u/30086473/Authentication/Provider/YubicoProvider.php
https://dl.dropbox.com/u/30086473/Authentication/Token/YubicoToken.php
https://dl.dropbox.com/u/30086473/Authentication/Token/config/services.yml
https://dl.dropbox.com/u/30086473/Authentication/Token/config/config/security.yml
UPDATE:
https://dl.dropbox.com/u/30086473/YubicoFactory.php - here Factory
UPDATE 2:
I solved this problem. The problem was that I used the same HTML form for both types of authorization, but it was necessary to send the yubico key to the URL of the page that is being protected. Now everything works. Thanks all for the help.
