-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: JWT Authenticator #195
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking awesome! I had no idea you were working on this, I would have guessed version 1.1 or 1.2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's great to see a JWT implementation coming! Thanks for this.
However, I do have a couple of concerns with the current implementation.
-
Choice of implementation. Why choose Firebase's implementation? I think the best reason is probably that it's backed by Google, but according to the the JWT site, it doesn't provide the most complete implementation. That might not be all bad, though. Honestly, I kind of had it in mind that if we ever included JWT we'd roll our own since the implementation of a JWT is pretty straight-forward. Not sure if that's worth considering to remove the reliance on a third-party libs changes, etc.
-
I think you may have over-architected it. I've commented on a few classes along the way, but in general I think we should strive for as simple of an architecture as the library allows.
This would also require updating all docs and adding new docs.
I don't think we'll be able to get this one in before the initial release.
src/Authentication/TokenGenerator/JWT/JWTGeneratorInterface.php
Outdated
Show resolved
Hide resolved
There are some parts of this feature that require consideration of specifications. |
I googled CodeIgniter4 jwt, and found most tutorials use Firebase implementation. But I know it doesn't provide the most complete implementation, so I made it replaceable. |
It is also commonly used in my country. |
443000b
to
0a0920e
Compare
7c2720f
to
a85c422
Compare
I don't remember much of the implementation as a lot of time has passed, but I think the implementation itself was done in one way or another. If there is someone who wants to try JWT, please test. Of course code reviews are also welcome. |
My only JWT CI4 project currently uses Myth and I've had issues installing Shield alongside because they have some conflicting services and factories. I know some community members have been keen on this - maybe check the forums for volunteers? |
Good idea! I've posted the forum. |
it finished? how to use this branch? |
This should work. You can get the code from my repository: |
Update your --- a/composer.json
+++ b/composer.json
@@ -7,7 +7,8 @@
"require": {
"php": "^7.4 || ^8.0",
"codeigniter4/framework": "^4.0",
- "codeigniter4/shield": "^1.0@beta"
+ "codeigniter4/shield": "dev-feat-jwt",
+ "firebase/php-jwt": "^6.2"
},
"require-dev": {
"fakerphp/faker": "^1.9",
@@ -36,5 +37,11 @@
"slack": "https://codeigniterchat.slack.com"
},
"minimum-stability": "dev",
- "prefer-stable": true
+ "prefer-stable": true,
+ "repositories": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/kenjis/codeigniter-shield.git"
+ }
+ ]
} Run |
What is the status on JWT authentication? Any TODOs I could help with? |
58f6d62
to
324bcb7
Compare
Rebased to resolve conflicts. |
The implementation was finished. I need to write docs.
Testing and review. As you see, no one has approved this PR yet. |
@kenjis will try to do today. |
Question, how can the site administrator make the tokens expire in general? (I think he should change the secret code. If so, I'd prefer you explain it in the documentation.) And the next question is there a way to expire the token for a specific user? Please update the README file, the reference to support JWT is good. |
Tokens are to be validated by defining the conditions that make it invalid. If you want to invalidate tokens to a specific user, you can do it by specifying the user ID and issued at. Also, as you say, If you change the key, all tokens signed with that key will be invalidated. |
Co-authored-by: Pooya Parsa Dadashi <pooya_parsa_dadashi@yahoo.com>
It is an optional authenticator.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kenjis, thanks, everything seems to be working fine now.
@datamweb Thank you for the detailed review! |
@MGatner Can you approve? Without your approve, I cannot merge this. |
There is no need to change the status code since a validation error is still an authentication failure. See codeigniter4#195 (comment)
Thank you all! |
It seems Psalm does not allow to use `resource` in @template type. See - codeigniter4/settings#60 (comment) - codeigniter4/shield#195 (comment)
It seems Psalm does not allow to use `resource` in @template type. See - codeigniter4/settings#60 (comment) - codeigniter4/shield#195 (comment)
Needs #703Needs to rebase after merging #194, #199Add:
Config\AuthJWT
Authentication\Authenticators\JWT
Filters\JWTAuth
Authentication\JWTManager
=service((jwtmanager)
How to Test/Use:
Sample Test App:
TODO: