Symfony JWT 令牌：令牌过期时出现异常

Question

我正在使用 JWT 令牌包进行用户身份验证。当令牌过期时，我收到 500 服务器错误。除了这个之外，我如何返回带有错误代码和消息的 JsonResponse ？

这是我的验证器类：

 class JwtTokenAuthentication extends AbstractGuardAuthenticator
{
/**
 * @var JWTEncoderInterface
 */
private $jwtEncoder;

/**
 * @var EntityManager
 */
private $em;

public function __construct(JWTEncoderInterface $jwtEncoder, EntityManager $em)
{
    $this->jwtEncoder = $jwtEncoder;
    $this->em = $em;
}


public function getCredentials(Request $request)
{
    $extractor = new AuthorizationHeaderTokenExtractor(
        'Bearer',
        'Authorization'
    );
    $token = $extractor->extract($request);
    if (!$token) {
        return null;
    }

    return $token;
}

public function getUser($credentials, UserProviderInterface $userProvider)
{
    $data = $this->jwtEncoder->decode($credentials);
    if(!$data){
      return null;
    }
    $user = $this->em->getRepository("AlumnetCoreBundle:User")->find($data["email"]);
    return $user;
}

public function checkCredentials($credentials, UserInterface $user)
{
    return true;
}

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    //todo
}

public function start(Request $request, AuthenticationException $authException = null)
{
    return new JsonResponse([
        'errorMessage' => 'auth required'
    ], Response::HTTP_UNAUTHORIZED);
}
}

Answer 1

您可以在 try-catch 中解码令牌：

try {
    $data = $this->jwtEncoder->decode($credentials);
} catch (\Exception $e) {
    throw new \Symfony\Component\Security\Core\Exception\BadCredentialsException($e->getMessage(), 0, $e);
}

但是您可能必须实现缺少的内容，onAuthenticationFailure因为抛出此异常将使其被调用。就像是：

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    return new JsonResponse([
        'errorMessage' => $exception->getMessage(),
    ], Response::HTTP_UNAUTHORIZED);
}

JWTTokenAuthenticator顺便说一句，LexikJWTAuthenticationBundle自 2.0 版本以来就带有内置功能。我建议您在实现自己的身份验证器之前尝试使用它，或者至少扩展它。