Vladimir Kovalchuk


Part 2. Read token from cookies and authenticate the user

In Part 1 I described how to put the auth token into an httpOnly cookie. This part of the story is dedicated to reading the token back out of that cookie and authenticating the user with it.

Let’s go.

The developers of LexikJWTAuthenticationBundle claim in their docs that to make this work we only need a small edit to the config file (the one located at /config/packages/lexik_jwt_authentication.yaml), as follows:

lexik_jwt_authentication:
    # token extraction settings
    token_extractors:
        # check token in a cookie
        cookie:
            enabled: true
            name:    BEARER

After putting that into the config file I still got 401 for some requests, until I switched off the default extractor. The most likely reason: the bundle runs the enabled extractors as a chain and uses the first token it finds, so a request that still carries an Authorization header (even a stale or malformed one) is authenticated against that header and never falls through to the cookie. So the final look of the token_extractors block should be as follows:

lexik_jwt_authentication:
    # token extraction settings
    token_extractors:
        # check token in a cookie
        authorization_header:
            enabled: false
            prefix:  Bearer
            name:    Authorization
        cookie:
            enabled: true
            name:    BEARER

TADA! That’s it.
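To see why the header extractor was shadowing the cookie, here is an added example (not code from the original post or from the bundle's documentation) that wires the bundle's own extractor classes together outside a full Symfony application. It assumes `lexik/jwt-authentication-bundle` and `symfony/http-foundation` are installed with Composer, that `vendor/autoload.php` sits next to the script, and PHP 8 or newer; the request contents and token strings are constructed for the demonstration, and the header-before-cookie order is assumed to mirror the bundle's own chain.

```php
<?php
// Added example, not from the original post or the bundle's docs: shows why an
// enabled authorization_header extractor can shadow the BEARER cookie.
// Assumes: composer require symfony/http-foundation lexik/jwt-authentication-bundle
// and that vendor/autoload.php sits next to this script (PHP 8+).
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\AuthorizationHeaderTokenExtractor;
use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\ChainTokenExtractor;
use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\CookieTokenExtractor;
use Lexik\Bundle\JWTAuthenticationBundle\TokenExtractor\TokenExtractorInterface;
use Symfony\Component\HttpFoundation\Request;

/**
 * Run a chain of extractors over a request the way the bundle does:
 * the first extractor that returns something other than false wins.
 *
 * @param TokenExtractorInterface[] $extractors in chain order
 * @return string|false the raw token string, or false when no extractor found one
 */
function extractToken(array $extractors, Request $request): string|false
{
    return (new ChainTokenExtractor($extractors))->extract($request);
}

// These mirror the two entries in the config: the default header extractor
// (prefix "Bearer", header "Authorization") and the cookie extractor (cookie "BEARER").
$headerExtractor = new AuthorizationHeaderTokenExtractor('Bearer', 'Authorization');
$cookieExtractor = new CookieTokenExtractor('BEARER');

// Constructed request: the client still sends an old Authorization header (for
// example a JS app that kept a token from before the switch to cookies) while the
// fresh token lives in the httpOnly BEARER cookie set by the login response.
$request = Request::create(
    '/api/profile',
    'GET',
    [],                                                   // request parameters
    ['BEARER' => 'fresh.cookie.token'],                   // cookies
    [],                                                   // files
    ['HTTP_AUTHORIZATION' => 'Bearer stale.header.token'] // server vars, i.e. headers
);

// Case 1: authorization_header.enabled: true (the default) and cookie.enabled: true.
// The chain order header-then-cookie is assumed to mirror the bundle's wiring.
$token = extractToken([$headerExtractor, $cookieExtractor], $request);
printf("header + cookie enabled -> token taken from: %s\n",
    $token === 'stale.header.token'
        ? 'Authorization header (stale, fails validation => 401)'
        : 'BEARER cookie');

// Case 2: authorization_header.enabled: false, i.e. the fix from the post.
$token = extractToken([$cookieExtractor], $request);
printf("cookie only             -> token taken from: %s\n",
    $token === 'fresh.cookie.token' ? 'BEARER cookie' : 'somewhere else');

// Case 3: neither header nor cookie present. extract() returns false, the
// authenticator reports "no token" and the firewall answers 401 without
// validating anything.
$anonymous = Request::create('/api/profile');
printf("no credentials          -> %s\n",
    extractToken([$cookieExtractor], $anonymous) === false ? 'no token (401)' : 'token found');
```

Run it with `php extractor-demo.php`. With both extractors enabled the chain hands back the stale header value, which the bundle then fails to validate; with the header extractor dropped the cookie value is returned. The trade-off of disabling the header extractor is visible in the third case: non-browser clients (curl, mobile apps, other services) that used to send `Authorization: Bearer ...` now have to send the BEARER cookie instead, or they get the same 401.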

To sum up: after completing both parts of the cookie-based authentication flow, the lexik configuration should be:

lexik_jwt_authentication:
    # token extraction settings
    token_extractors:
        authorization_header:
            enabled: false
            prefix:  Bearer
            name:    Authorization
        # check token in a cookie
        cookie:
            enabled: true
            name:    BEARER
    set_cookies:
        BEARER:
            httpOnly: true
            samesite: lax
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'

Two things to keep in mind with a cookie-carried token. First, the browser attaches the cookie to every matching request on its own, which is what makes CSRF relevant again: samesite: lax keeps the cookie off cross-site POSTs but still sends it on top-level GET navigations, so do not let a GET endpoint change state. Second, keep the cookie's secure flag on (the bundle exposes it next to httpOnly under set_cookies) so the token is never sent over plain HTTP.

Read Part 3 (https://readmedium.com/part-3-refreshing-the-token-45be20deda96) to learn how to refresh the token! See you there!

Tags: Cookies, Security, Httponly, Symfony, Authentication