-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return value of Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\JwtTokenEncoder::generateToken() must be an instance of Lcobucci\JWT\Token\Plain, instance of Lcobucci\JWT\Token returned #57
Comments
Which version of lcobucci/jwt do you have installed? Also a stack trace of the exception might be helpful. Thanks! |
@scheb As I have PHP 7.3.22 composer installed lcobucci/jwt 3.4.4, since lcobucci/jwt 4.0+ requires PHP 7.4+ Note this issue also affects scheb/2fa-trusted-device ^5.3 when the Stack Trace (scheb/2fa-bundle 5.4.2)
|
lcobucci/jwt 3.4.* contains a compatibility layer for version lcobucci/jwt 4.*, so it is in fact possible to call the library with the signatures from version 4, even when you are using 3.4.*. That's the reason why the signatures have changed, to make the bundle compatible with both versions. Just from the perspective of the code I cannot really trace down the issue. In v3.4.* I have to try and setup a test environment with exactly those versions, see if I can reproduce the issue. |
I forced the integration test suite to execute with PHP7.3 and got almost the same environment as yours: https://github.com/scheb/2fa/runs/1881875528?check_suite_focus=true PHP 7.3.27 and if you look into "Display dependency versions":
The integration test suite is definitly exection that piece of code, but no issue. I have the suspicion this has something to do with class autoloading and was actually able to reproduce the exception by generating the Composer autoloader with Did you use the |
@scheb thanks for looking into the issue more in-depth. Due to the issue being caused by the return type-hint conflict not loading aliases when using To circumvent the issue I updated my composer.json autoload definitions until I can find a better solution, thank you for tracking the root cause down. "autoload": {
"files": [
"vendor/lcobucci/jwt/src/Token/Plain.php",
"vendor/lcobucci/jwt/src/Token/Signature.php"
],
}, For clarification, looking at class_exists(\Lcobucci\JWT\Token\Plain::class);
class_exists(\Lcobucci\JWT\Token\Signature::class); The file is referenced in the autoload configuration "autoload": {
"psr-4": {
"Lcobucci\\JWT\\": "src"
},
"files": [
"compat/class-aliases.php",
"compat/json-exception-polyfill.php",
"compat/lcobucci-clock-polyfill.php"
]
}, |
Bundle version: v5.4.2
Symfony version: 4.4.19
PHP version: 7.3.22
Using authenticators (
enable_authenticator_manager: true
): NODescription
When attempting to sign in after supplying the token I receive the error on the
2fa_check
route.scheb_two_factor.yaml
security.yaml
To Reproduce
Steps to reproduce the behavior:
Additional Context
Looking at the composer dependencies for
scheb/2fa-trusted-device
, it appears that the dependency signatures were changed inlcobucci/jwt
version from 3.4 to 4.0 which requiresphp ^7.4 | ^8.0
.So the composer dependencies for
scheb/2fa-trusted-device
need to be updated tolcobucci/jwt: ^4.0
https://github.com/lcobucci/jwt/blob/4.0.0/src/Builder.php#L76
https://github.com/lcobucci/jwt/blob/3.4/src/Builder.php#L521
The text was updated successfully, but these errors were encountered: