Add Authenticator for Symfony 5.1+ #95
Conversation
There was a problem hiding this comment.
I think the code looks fine.
There are 2 things in this PR that makes me think about the security on a more generic level:
A) I see you're using custom passports to transfer information from the authenticate() method to the createAuthenticatedToken() method. That feels like we're still missing something in the passport - e.g. a way to add arbitrary information to a passport (a badge needs verification and a custom passport requires quite a lot of work to share some data)
B) Seems like this authenticator is quite generic (but I have no experience working with oauth2 systems). Do you think it's feasible to implement something like this class as an oauth 2 authenticator in Symfony itself (or at least a base authenticator)?
|
A) I think we could have "attributes" on |
This PR was merged into the 5.2-dev branch. Discussion ---------- [Security] Add attributes on Passport | Q | A | ------------- | --- | Branch? | master <!-- see below --> | Bug fix? | no | New feature? | yes <!-- please update src/**/CHANGELOG.md files --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tickets | n/a <!-- prefix each issue number with "Fix #", if any --> | License | MIT | Doc PR | not yet see symfonycorp/connect#95 /cc @wouterj Commits ------- 440ada3 [Security] Add attributes on Passport
This PR was merged into the 5.2-dev branch. Discussion ---------- [Security] Add attributes on Passport | Q | A | ------------- | --- | Branch? | master <!-- see below --> | Bug fix? | no | New feature? | yes <!-- please update src/**/CHANGELOG.md files --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tickets | n/a <!-- prefix each issue number with "Fix #", if any --> | License | MIT | Doc PR | not yet see symfonycorp/connect#95 /cc @wouterj Commits ------- 440ada3c5f [Security] Add attributes on Passport
No description provided.