Allow secret to be also an array #138
Conversation
|
I need to ponder a bit if this is a BC break. I tend to think not, since public api does not change, so everything should be ok. |
|
I think also it's not a BC as it opens up something and doesn't narrow it down and it's a private function in the class whos signature is affected. |
|
Also related: #128 |
|
Regarding #128 I also played around a bit with that callable idea but it just adds complexity which is not necessary to solve the problem imo. Then the This is how I solve it now: class MiddlewareServiceProvider implements ServiceProviderInterface
{
/**
* Registers services on the given container.
*
* This method should only be used to configure services and parameters.
* It should not get services.
*
* @param Container $container A container instance
* @return void
*/
public function register(Container $container)
{
$container[JwtAuthentication::class] = function () use ($container) {
return new JwtAuthentication([
'secret' => $this->getSecret($container['authentication.jwks.url']),
'algorithm' => ['RS256'],
'path' => ['/private'],
]);
};
}
private function getSecret(string $jwksUrl): array
{
if (null === $jwksData = json_decode(file_get_contents($jwksUrl), true)) {
throw new \RuntimeException(sprintf('Could not read JWKS information from "%s"', $jwksUrl));
}
$secret = [];
foreach ($jwksData['keys'] as $jwk) {
$secret[$jwk['kid']] = $this->formatCert($jwk['x5c'][0]);
}
return $secret;
}
private function formatCert(string $certStr): string
{
$formattedCert = implode("\n", str_split($certStr, 64));
return "-----BEGIN CERTIFICATE-----\n".$formattedCert."\n-----END CERTIFICATE-----";
}
} |
|
Any update on this? 🙂 |
|
Not forgotten, been busy with other work. I think this change should be ok. The |
* Add test cases for secrets as array (see #138) * Make sure secret is either string or array
|
Released as |
Remove type hint for
stringin thesecret()method as firebase/php-jwt allows an array of secrets for decoding the token:https://github.com/firebase/php-jwt/blob/master/src/JWT.php#L99
I need it as I want to provide an array of secrets provided by a JKWS file. firebase/php-jwt will then automatically choose the right one out of the given ones.