auth()->id() returns the value of the JWT 'sub' attribute, rather than User model's $primaryKey #1802

Open
rel0aded opened this issue May 2, 2019 · 3 comments

rel0aded commented May 2, 2019

Subject of the issue

When using the JWTAuth guard, auth()->id() (which is used by various packages, such as wildside\userstamps when setting the created_by field in https://github.com/WildSideUK/Laravel-Userstamps/blob/master/src/Listeners/Creating.php) returns the value set in the 'sub' attribute of the JWT rather than the model's primaryKey.

This breaks using an incremental 'id' value as the server-side primary key, cross-referenced as the foreign key on other tables, but also using a public facing UUID value in the JWT.

Your environment

| Q | A |
| --- | --- |
| Bug? | yes |
| New Feature? | no |
| Framework | Laravel |
| Framework version | 5.8.11 |
| Package version | 1.0.0-rc.4.1 |
| PHP version | 7.2.10 |

Steps to reproduce

Create a model with both id and uuid attributes. Keep protected $primaryKey = 'id';

Add three methods to the User model:

/**
  * Get the identifier that will be stored in the subject claim of the JWT.
  *
  * @return mixed
  */
public function getJWTIdentifier()
{
    return $this->uuid;
}

/**
  * The key name to use as the JWT's subject
  * 
  * @return string
  */
public function getAuthIdentifierName()
{
    return 'uuid';
}

/**
  * Return a key value array, containing any custom claims to be added to the JWT.
  *
  * @return array
  */
public function getJWTCustomClaims()
{
    return [
    ];
}

Issue a valid JWT token for the user, and execute the following closure

Route::get('/test', function () {
    \JWTAuth::parseToken()->authenticate();
    dd(auth()->id());
});

Behaviour

I'd expect auth()->id() to be 1 (the primaryKey of User); instead I get the UUID of the user back.

dd(auth()->id());
"00000000-0000-0000-0000-000000000000"

dd(Auth::id());
"00000000-0000-0000-0000-000000000000"

dd(Auth::user()->id);
1

dd(Auth::user()->getKey());
1

rel0aded commented May 2, 2019

This may be a bug in Wildside\Userstamps instead, if it's decided that auth()->id() is working as intended here.

I have temporarily resolved this in my code by overriding each model's registerListeners() method, and using my own Listener methods to return auth()->user()->id instead.

I still think this is a bug in jwt-auth though; I can see other libraries using the same call, presuming it to be the model's primaryKey. However, I am happy to raise a bug report there instead, once I have a definite answer that this is intended behaviour.
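
Why auth()->id() and the primary key diverge in the report above, as an added example that is not part of the issue or of jwt-auth. It assumes Laravel's default Authenticatable logic, where the auth identifier is read from the column named by getAuthIdentifierName(); the User and Guard stand-ins and the actorKey() helper are hypothetical, and the sample values are constructed.

```php
<?php
// Stand-ins mirroring Laravel's default Authenticatable logic and the guard's id()
// helper. User, Guard and actorKey() are hypothetical, not framework or jwt-auth code.
class User
{
    public $id = 1;                                         // internal primary key (constructed)
    public $uuid = '00000000-0000-0000-0000-000000000000';  // public identifier (constructed)
    protected $primaryKey = 'id';

    public function getKey()
    {
        return $this->{$this->primaryKey};
    }

    // Override from the report: names the column the 'sub' claim is matched against.
    public function getAuthIdentifierName()
    {
        return 'uuid';
    }

    // Default behaviour: read whichever column getAuthIdentifierName() names.
    public function getAuthIdentifier()
    {
        return $this->{$this->getAuthIdentifierName()};
    }
}

class Guard
{
    private $user;

    public function __construct(?User $user)
    {
        $this->user = $user;
    }

    // id() returns the auth identifier, which equals the primary key only by default.
    public function id()
    {
        return $this->user ? $this->user->getAuthIdentifier() : null;
    }
}

// Value a listener should store in a created_by style foreign key column.
function actorKey(?User $user)
{
    return $user ? $user->getKey() : null;
}
$user = new User();
var_dump((new Guard($user))->id(), actorKey($user));
```

With the override in place the guard's id() yields the UUID while getKey() yields the integer key, so code that writes foreign keys should read getKey() from the authenticated user.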

@adiletmaks

I have no problems. I use Laravel Framework 5.8.35.

stale bot commented Dec 25, 2020

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale bot added the stale label Dec 25, 2020