-
Notifications
You must be signed in to change notification settings - Fork 783
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to set encryption keys from config #683
Conversation
Can you summarize the breaking changes? Is it just the default |
Yes, that is correct, just the signature change on If you're going to publish this as a breaking release, you may also consider changing |
Hello, |
@JuanDMeGon Many cloud based hosting services, like Heroku, provide a web based interface where you can setup environment variables. Those variables are then available automatically on all instances (servers). No need to use the |
When moving from v6 to v7, there were two main changes:
I've updated the upgrade guide to reflect this. Most other changes are listed in the changelog. |
@Sephster Awesome! Thanks for jumping in on this discussion. 👍 |
I have tried this in v6.0.6 but why doesn't it work? I have tried even copying the passport.php config in my laravel project? Or is this for a v7? |
Nevermind, Found that in dotEnv file i need to escape backslash (contrary to .yml files for docker compose). after escaping \n => \n it works. |
Anybody having issues after updating
|
You know there should just be a default public and private key configured. way handier for first time laravel users. maybe just add warning or fail when the app env is not local or when it is production. but i'm probably not the first to offer this idea? |
Just wanted to chime in @reinink, thank you for this. I love this contribution and it has been a life saver more times than I can count now. ❤️ |
@reinink I have added the keys in Config Vars on heroku. But then how to tell laravel to load the keys from env instead of looking them up from the file system. |
Export the configuration using vendor:publish and make sure your env vars match the vars in the configuration file. |
Maybe a stupid question, but I am fine with publishing the config file and then having the keys set as env vars, however, at which point should the keys be generated, and where? Example, we have an app that can be deployed per client, so each deployment will need its own keys (Password grant). We can have the config file in our source control, but do we need to just run the install command locally to get keys each time we want a new set (for a new client). or... can this be somehow incorporated into our deployment scripts. (We are running the app as a stateless instance, with no file storage at all) |
@J5Dev it's best that you ask this on a support channel: My suggestion would be to do it in your first deploy manually or if you have a dynamic deploy incorporate it by adding an if check around the bash script (if you're using that) that checks if the files exist already. |
@J5Dev you should generate them once for a single environment. if you change keys, than after update you wont be able to decrypt the encrypted cookies and access token anymore. so everybody will be logged out.. |
I’m getting this error when i’m configuring passport encryption keys from .env |
|
This was added in laravel/passport#683
This was added in laravel/passport#683
Hello, can anyone help Trying to generate tokens via Laravel 8 Passport by sending an Http Request to the endpoint, (using laravel valet to deploy apps) https://project.test/oauth/token my composer :
I get this exception: It was not possible to parse your key, without specifying the reason why, I tried to google it i found nothing, stick with this for days.
|
@YassineChe; I've experienced a similar error a while ago when I tried to run my Laravel in PHP 8. Switching back to 7.x fixed it for me for the moment. |
@YassineChe please make sure you're running the very latest versions of Passport, lcobucci/jwt and OAuth2 Server. If that doesn't helps please open an issue. |
i have been experiencing some issues on with |
Which issues? All should be resolved in the latests versions. |
Currently the only way to set encryption keys in Passport is with local files (
/storage/oauth-private.key
and/storage/oauth-public.key
). However, this can be problematic in multi-server setups, where the same keys must be shared across multiple systems. In those situations, it's better to use environment variables. This PR adds the ability to do that.The PHP League's OAuth 2.0 Server library supports passing either a file path or text version of the key to their
CryptKey
class. It does this by doing a regular expression to check if the string provided matches a RSA key pattern. If yes, it automatically saves the key to a temporary file, otherwise it treats the string as a file path. Unfortunately there was a bug with this regular expression in version 6 of the League's library, which is why this also includes an upgrade to version 7.One gnarly thing here is dealing with line returns in the environment variables. Many services allow line returns (ie. Heroku), but the
vlucas/phpdotenv
library does not. To support this functionality locally, this PR automatically converts all\n
instances to proper line returns. Here is how you would define this in the.env
file: