Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2.18.0 Incompatible with lcobucci/jwt ^3.4 #1114

Closed
fracsi opened this issue Feb 9, 2023 · 5 comments · Fixed by #1115
Closed

v2.18.0 Incompatible with lcobucci/jwt ^3.4 #1114

fracsi opened this issue Feb 9, 2023 · 5 comments · Fixed by #1115

Comments

@fracsi
Copy link
Contributor

fracsi commented Feb 9, 2023
edited
Loading

#1109 introduced LooseValidAt constraint from lcobucci/jwt, but the class only exists on 4.0.x and above, but the composer.json states that the bundle is compatible with: lcobucci/jwt: "^3.4|^4.0".

Installing lcobucci/jwt:^3.4 with lexik/jwt-authentication-bundle:v2.18.0 results in error:
Error: Class "Lcobucci\JWT\Validation\Constraint\LooseValidAt" not found

Possible solutions:

  • Check if LooseValidAt class is available, if not use ValidAt class.
  • Make this bundle only compatible with lcobucci/jwt:^4.0
@webhdx webhdx mentioned this issue Feb 9, 2023
Merged
@rsvitak
Copy link

rsvitak commented Feb 9, 2023
edited
Loading

The second proposal of @fracsi would solve the code incompatibility, but then it would invalidate the minimum php version of lexik/jwt-authentication-bundle:2.18 as the lcobucci/jwt:4.0 requires PHP8.1, which is in conflict with announced minimum requirements of SF5.4....

I am currently facing the same issue. I have temporarily solved this by downgrading to lexik/jwt-authentication-bundle:2.10 and adapting my api firewall configuration back to the old "guard" style.

api: 
            pattern: ^/api/
            stateless: true
            provider: app_user_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
            #jwt: ~ cannot be used due to the version of the version of the package lexik_jwt_authentication - the default version cannot be used as it requires version of lcobucci/jwt that doesn't contain the LooseValidAt

But I am not very happy with that solution as I am not sure about all consquences of the downgrade to lexik/jwt-authentication-bundle:2.10 in SF5.4... Would anyone advise a better solution? I know that upgrading to PHP^8.1 would probably be the best, but I cannot afford that now due to missing interbase extension in PHP8... :-\

@mbabker
Copy link
Contributor

mbabker commented Feb 9, 2023

I have temporarily solved this by downgrading to lexik/jwt-authentication-bundle:2.10

Why all the way down to 2.10? Why couldn't you just pin to 2.17?

@rsvitak
Copy link

rsvitak commented Feb 9, 2023
edited
Loading

Why all the way down to 2.10? Why couldn't you just pin to 2.17?

Thank you! I was too blind to see there's a more suitable version for downgrading...

@chalasr
Copy link
Collaborator

chalasr commented Feb 10, 2023

I'm going to fix this tomorrow, thanks for the report.

@maxhelias maxhelias mentioned this issue Feb 10, 2023
Merged
@chalasr
Copy link
Collaborator

chalasr commented Feb 13, 2023

Released in https://github.com/lexik/LexikJWTAuthenticationBundle/releases/tag/v2.18.1. Thanks for the report @fracsi and thanks @maxhelias for the quick fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix ci 2.x maxhelias/LexikJWTAuthenticationBundle
4 participants
@mbabker @fracsi @rsvitak @chalasr