JWT Token not found returned when user doesn't have roles #259

Closed
tarlepp opened this issue Oct 23, 2016 · 4 comments

tarlepp commented Oct 23, 2016

With users that have no user roles attached, I get 'JWT Token not found' when I'm making any API requests. It seems that

/jwt-authentication-bundle/Security/Guard/JWTTokenAuthenticator.php

$authToken = new JWTUserToken($user->getRoles(), $user, $preAuthToken->getCredentials(), $providerKey);

/jwt-authentication-bundle/Security/Authentication/Token/JWTUserToken.php

/**
 * {@inheritdoc}
 */
public function __construct(array $roles = [], UserInterface $user = null, $rawToken = null, $providerKey = null)
{
    parent::__construct($roles);

    if ($user) {
        $this->setUser($user);
    }

    $this->setRawToken($rawToken);
    $this->setAuthenticated(count($roles) > 0);

    $this->providerKey = $providerKey;
}

is causing the problem. Why are roles required in this case?

tarlepp added a commit to tarlepp/symfony-backend that referenced this issue Oct 23, 2016
Collaborator

chalasr commented Oct 23, 2016

Hi @tarlepp,

Thank you for opening this issue.
I think there's no need for this check; a user can be authenticated without roles. After all, access controls are responsible for granting access depending on roles.
Let me make some tests and, if confirmed, come back with a fix.

If anyone has an explanation for the presence of this check...

Collaborator

chalasr commented Oct 25, 2016

@tarlepp Re-reading your issue, I'm afraid that your problem is not that your user doesn't have roles. In fact, the only way to run into a "JWT Not Found" response is that the token can't be found in the request. By default, we check for an Authorization header with a Bearer prefix, i.e. Authorization: Bearer [YOURJWT].

Author

tarlepp commented Oct 26, 2016

@chalasr actually my tests spotted this one after I updated this bundle. And I can easily demonstrate that behaviour with my repo. If the user doesn't have roles, this error occurs; if the user has at least one role, all is ok.

See my "quick" fix for this
tarlepp/symfony-backend@2c2bad7...4c004fd

Collaborator

chalasr commented Oct 27, 2016

@tarlepp Sorry for the delay, it is now tagged as v2.0.2. I'll try to understand why the bug led to this specific response.

Again, thank you for reporting this bug.

cameronjfergus added a commit to cameronjfergus/symfony-backend that referenced this issue Mar 24, 2022
gzim324 pushed a commit to gzim324/LexikJWTAuthenticationBundle that referenced this issue Jan 10, 2025
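
The effect of the `count($roles) > 0` check discussed in this thread, as an added example that is not code from the bundle or from either participant. `DemoToken`, `tokenWithRoleCheck`, `tokenWithoutRoleCheck`, `decide` and the 401/403 mapping are hypothetical stand-ins, and the "without check" variant is an assumption about the correction, since the thread does not show the v2.0.2 change.

```php
<?php
declare(strict_types=1);

// Added illustration: stand-in types, not the bundle's or Symfony's classes.
final class DemoToken
{
    /** @param string[] $roles */
    public function __construct(
        public readonly array $roles,
        public readonly bool $authenticated
    ) {}
}

// Mirrors the constructor quoted in the issue: authenticated only if roles exist.
function tokenWithRoleCheck(array $roles): DemoToken
{
    return new DemoToken($roles, count($roles) > 0);
}

// Assumed correction: a verified JWT authenticates the user, roles or not.
function tokenWithoutRoleCheck(array $roles): DemoToken
{
    return new DemoToken($roles, true);
}

// Hypothetical access decision: authentication first, then the role requirement.
function decide(DemoToken $token, ?string $requiredRole): int
{
    if (!$token->authenticated) {
        return 401; // identity not established
    }
    if ($requiredRole !== null && !in_array($requiredRole, $token->roles, true)) {
        return 403; // identity known, required role missing
    }
    return 200;
}

// Constructed cases: [roles carried by the user, role the route requires].
$cases = [
    'no roles, open route'    => [[], null],
    'no roles, admin route'   => [[], 'ROLE_ADMIN'],
    'ROLE_USER, admin route'  => [['ROLE_USER'], 'ROLE_ADMIN'],
    'ROLE_ADMIN, admin route' => [['ROLE_ADMIN'], 'ROLE_ADMIN'],
];

foreach ($cases as $label => [$roles, $required]) {
    printf("%-24s role-count check: %d   without check: %d\n", $label,
        decide(tokenWithRoleCheck($roles), $required),
        decide(tokenWithoutRoleCheck($roles), $required));
}
```

With the role-count check, the role-less user is rejected as unauthenticated even on a route that requires no role; without it, that user is authenticated and only role-protected routes deny access.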