-
-
Notifications
You must be signed in to change notification settings - Fork 614
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalidate a JWT token - Adding the jti claim by the JWTManager class instead of doing it via a listener #1218
Conversation
I'd make two changes to this:
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\Compiler\PriorityTaggedServiceTrait;
use Symfony\Component\DependencyInjection\ContainerBuilder;
class CollectPayloadEnrichmentsPass implements CompilerPassInterface
{
use PriorityTaggedServiceTrait;
public function process(ContainerBuilder $container): void
{
if (!$container->hasDefinition('lexik_jwt_authentication.payload_enrichment')) {
return;
}
$container->getDefinition('lexik_jwt_authentication.payload_enrichment')
->replaceArgument(0, $this->findAndSortTaggedServices('lexik_jwt_authentication.payload_enrichment', $container));
}
} With this, I'd then update the service definition for the random JTI enrichment to be this: <service id="lexik_jwt_authentication.payload_enrichment.random_jti_enrichment" class="Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\RandomJtiEnrichment">
<tag name="lexik_jwt_authentication.payload_enrichment" priority="0" />
</service> And update this block in the extension to add an else and remove the tag if the blocklist token feature isn't enabled (which matches the way you're redefining the service now to switch from the null enrichment to the random enrichment), so... if ($this->isConfigEnabled($container, $config['blocklist_token'])) {
// Existing code
} else {
$container->getDefinition('lexik_jwt_authentication.payload_enrichment.random_jti_enrichment')
->clearTag('lexik_jwt_authentication.payload_enrichment');
} |
@mbabker It's fixed, it's much better, thank you |
@@ -174,6 +174,9 @@ public function load(array $configs, ContainerBuilder $container): void | |||
$loader->load('blocklist_token.xml'); | |||
$blockListTokenConfig = $config['blocklist_token']; | |||
$container->setAlias('lexik_jwt_authentication.blocklist_token.cache', $blockListTokenConfig['cache']); | |||
} else { | |||
$container->getDefinition('lexik_jwt_authentication.payload_enrichment.random_jti_enrichment') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the definition of lexik_jwt_authentication.payload_enrichment.random_jti_enrichment was placed in the Resources/config/blocklist_token.xml file, I feel like this code wouldn't have been necessary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this can be cleaned up for 3.0 TBH. Things are kind of in a weird state with this stuff because the payload enrichment services should always be there but the bundle right now only needs the JTI enricher to be active when the blocklist functionality is enabled. Always turning on the JTI enricher in 2.x could be disruptive to downstream users for whatever reason, so it's probably safer to have this block for the next 2.x release, and in 3.0, the bundle defaults to always providing the JTI and a downstream app can replace/remove this service if they want to take control over that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice
… instead of doing it via a listener
e405607
to
069b7bb
Compare
Thank you @ldaspt. |
Hello @chalasr and @mbabker,
This PR aims to address the enhancements suggested by @mbabker in the discussion of the PR #1170.
@see #1170 (comment)
Changes included:
The payload enrichment cannot be overridden via the bundle configuration, if the developer wants to overload it, he will have to decorate the service
lexik_jwt_authentication.payload_enrichment
. If necessary, I can do as for thelexik_jwt_authentication.encoder
service so that this is configurable via the bundle configurationI hope the PR answers the request correctly
Please review the changes at your convenience, and I welcome any feedback or further suggestions