Symfony 3用戶註冊的JWT認證

Question

我正在使用JWT進行認證的symfony中的API。對於JWT，我使用LexikJWTAuthenticationBundle，對於令牌刷新，我使用JWTRefreshTokenBundle。我想要做的是通過令牌認證用戶，並給它刷新令牌。 在安全性方面，我有：

firewalls: 
     # disables authentication for assets and the profiler, adapt it according to your needs 
     dev: 
      pattern: ^/(_(profiler|wdt)|css|images|js)/ 
      security: false 

     login: 
      pattern: ^/api/login_check 
      stateless: true 
      anonymous: true 
      form_login: 
       check_path:    fos_user_security_check 
       username_parameter:  username 
       password_parameter:  password 
       success_handler:   lexik_jwt_authentication.handler.authentication_success 
       failure_handler:   lexik_jwt_authentication.handler.authentication_failure 
       require_previous_session: false 
     register: 
      pattern: ^/api/register 
      anonymous: true 
      stateless: true 
     refresh: 
      pattern: ^/api/token/refresh 
      stateless: true 
      anonymous: true 
     api: 
      pattern: ^/api 
      provider: fos_userbundle 
      stateless: true 
      guard: 
       authenticators: 
        - lexik_jwt_authentication.jwt_token_authenticator 

而且我的註冊行動中我有：

/** 
    * @Route("/api/register") 
    * @Method({"POST"}) 
    */ 
    public function registerAction(Request $request) 
    { 
     $userManager = $this->get('fos_user.user_manager'); 
     $data = $request->request->all(); 

     $mailValidator = $this->get('validator.email'); 
     $mailValidator->validate($data['email']); 

     $user = $userManager->createUser(); 
     $user->setUsername($data['username']); 
     $user->setPlainPassword($data['password']); 
     $user->setEmail($data['email']); 
     $user->setEnabled(true); 

     $userManager->updateUser($user); 

     return $this->generateToken($user, 201); 
    } 

    protected function generateToken(User $user, $statusCode = 200) 
    { 
     $token = $this->get('lexik_jwt_authentication.jwt_manager')->create($user); 
     $response = array(
      'token' => $token, 
      'refreshToken' => null, 
      'username' => $user->getUsername(), 
      'mail'  => $user->getEmail(), 
     ); 

     return new JsonResponse($response, $statusCode); 
    } 

內部產生的操作方法我可以創建用戶實體的道理，但我不能設法創建刷新令牌也。對於供應商我使用FOSUserBundle，它是login_check控制器。我試圖從generateToken方法向該控制器發送post請求，但沒有成功。任何幫助，將不勝感激。

Answer 1

我不知道你是否解決了它，但刷新令牌將在成功登錄後生成。因此，註冊時不需要生成刷新令牌。這是我的代碼：

Security.yml：

security: 
encoders: 
    FOS\UserBundle\Model\UserInterface: bcrypt 

role_hierarchy: 
    ROLE_ADMIN:  ROLE_USER 
    ROLE_SUPER_ADMIN: ROLE_ADMIN 

providers: 
    fos_userbundle: 
     id: fos_user.user_provider.username_email 

firewalls: 
    login: 
     pattern: ^/login_check 
     stateless: true 
     anonymous: true 
     form_login: 
      check_path:    fos_user_security_check 
      success_handler:   lexik_jwt_authentication.handler.authentication_success 
      failure_handler:   lexik_jwt_authentication.handler.authentication_failure 
      require_previous_session: false 
    register: 
     pattern: ^/register 
     anonymous: true 
     stateless: true 
    refresh: 
     pattern: ^/token/refresh 
     stateless: true 
     anonymous: true 
    api: 
     pattern: ^/ 
     provider: fos_userbundle 
     stateless: true 
     guard: 
       authenticators: 
        - 'token_authenticator' 

access_control: 
    - { path: ^/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY } 

Service.yml：

services: 
token_authenticator: 
    class: UserBundle\Security\TokenAuthenticator 
    arguments: ['@lexik_jwt_authentication.encoder', '@doctrine.orm.entity_manager'] 

config.yml：在終端

lexik_jwt_authentication: 
    private_key_path: '%jwt_private_key_path%' 
    public_key_path: '%jwt_public_key_path%' 
    pass_phrase:  '%jwt_key_pass_phrase%' 
    token_ttl:  '%jwt_token_ttl%' 

gesdinet_jwt_refresh_token: 
    user_provider: fos_user.user_provider.username_email 
    ttl: 2592000 
    ttl_update: true 
    firewall: api 

運行：

curl -X POST http://demowebsite.com/login_check -d username=USERNAME -d password=PASSWORD 

這將產生一個令牌和刷新令牌。刷新令牌將存儲在您的數據庫表中refresh_token