[Suggestion] JWT Authentication key pair generation via (lexik) bundle command #1446
Comments
Good idea!
The command was added in lexik/LexikJWTAuthenticationBundle#817. Interestingly, the topic of permissions (cf.) did not come up there at all. Edit: I obviously was thinking about SSH keys. The permission change here is not about restricting access (which I would have expected to correctly be done by the command), but about making sure that the webserver user has access, too (which very much belongs outside of the command).
Creation of directory and files is now covered by lexik/jwt-authentication-bundle's command. This somewhat causes the directory/file location to pop up out of nowhere in the subsequent permission change (`setfacl`). That could be avoided by extracting JWT_SECRET_KEY and JWT_PUBLIC_KEY from api's `.env` file (section maintained by the bundle) but it adds bloat without apparent benefit. The previously documented behaviour was closer to using the `--overwrite` option on the command, but I doubt it is in the user's best interest in a starter guide. Using `--skip-if-exists` would make some sense, but bailing feels like the sane option – the user obviously touched this area before and should be made aware. Resolves api-platform#1446 Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
The idea was proposed in api-platform/docs#1446 and added to the docs in api-platform/docs#1448. The command was added to the bundle in v2.11. Composer install was moved first to ensure that the bundle is installed. This now attempts the permission modification (`setfacl`) irrespective of the previous existence of the key files. While the cost of this operation is certainly not zero, it ensures the permissions are as intended no matter how the key files came to be and leaves the configuration of the key file name entirely with the bundle/.env file.
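Added example, not part of this issue, the api-platform docs or the lexik bundle: a POSIX shell sketch of the alternative weighed in the commit messages above, reading JWT_SECRET_KEY and JWT_PUBLIC_KEY from the bundle-maintained `.env` section so the `setfacl` step points at the same directory the generate-keypair command wrote to, and printing ACL commands that can be re-run no matter whether the key files already existed. The `.env` text is a constructed sample, the webserver user `www-data` is an assumption, and the `setfacl` commands are printed rather than executed.

```shell
#!/bin/sh
# Added example (not from the api-platform docs or the lexik bundle). Assumes the
# webserver runs as "www-data" and that .env carries the section shown below.

# Constructed sample of the .env section the bundle maintains.
SAMPLE_ENV='###> lexik/jwt-authentication-bundle ###
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=not-a-real-passphrase
###< lexik/jwt-authentication-bundle ###'

# env_value ENV_TEXT KEY PROJECT_DIR -> value of KEY with surrounding quotes
# stripped and %kernel.project_dir% resolved; returns non-zero if KEY is absent.
env_value() {
    raw=$(printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1)
    [ -n "$raw" ] || return 1
    raw=$(printf '%s' "$raw" | sed 's/^["'"'"']//; s/["'"'"']$//')
    printf '%s' "$raw" | sed "s#%kernel\.project_dir%#$3#"
}

# jwt_key_dir ENV_TEXT PROJECT_DIR -> directory holding both key files; fails if
# the two keys are configured in different directories (unexpected layout).
jwt_key_dir() {
    priv=$(env_value "$1" JWT_SECRET_KEY "$2") || return 1
    pub=$(env_value "$1" JWT_PUBLIC_KEY "$2") || return 1
    d=$(dirname "$priv")
    [ "$d" = "$(dirname "$pub")" ] || return 1
    printf '%s' "$d"
}

# acl_commands DIR WEBUSER OWNER -> the idempotent ACL commands: the webserver
# user gets read access, the deploying user keeps read/write, and the default
# ACL (-d) also covers files written later, e.g. by a --overwrite run.
acl_commands() {
    printf 'setfacl -R -m u:%s:rX -m u:%s:rwX %s\n' "$2" "$3" "$1"
    printf 'setfacl -dR -m u:%s:rX -m u:%s:rwX %s\n' "$2" "$3" "$1"
}

dir=$(jwt_key_dir "$SAMPLE_ENV" /srv/api) || { echo "no JWT key paths in .env" >&2; exit 1; }
acl_commands "$dir" www-data "$(id -un)"
```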
The JWT Authentication docs show how to install and set up the lexik JWT AuthenticationBundle, incl. generating the key pair.
Apparently, the bundle now (added 8 months ago) comes with a GenerateKeyPairCommand to – as the name implies – generate the key pair. Maybe documenting the use of this console command instead of the list of CLI commands can make the api-platform docs less cumbersome and less prone to fall out of sync with the bundle.