Customizable User ID Claim #537

Merged
merged 1 commit into from
Aug 10, 2018

Contributor

@Spomky Spomky commented Jul 23, 2018

This PR modifies the claim used to store the user ID in tokens.
Prior to this PR, the claim was the same as the `user_entity_field` option (e.g. `username`).

Now the user ID claim can be customized to the standard claim `sub` (subject) as per the RFC7519 section 4.1.2 or any other value (e.g. `user_id`).

A new configuration option is added: `user_id_claim`. If null, it will have the same value as `user_entity_field`.

This PR also allows BC with tokens that have already been issued by an application.
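
The claim lookup described above, as an added example that is not part of the PR or the bundle's own code. `resolveUserId()` is a hypothetical helper, and trying the configured claim first and then the `user_entity_field` claim for already-issued tokens is an assumed order that the description does not spell out.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not the bundle's code): pick the user identifier out of
 * a JWT payload whose signature and expiry have already been verified.
 *
 * $userIdClaim     - value of the user_id_claim option (null = not configured)
 * $userEntityField - value of the user_entity_field option (e.g. "username")
 */
function resolveUserId(array $payload, ?string $userIdClaim, string $userEntityField): string
{
    // Per the PR description: a null user_id_claim means "same as user_entity_field".
    $claim = $userIdClaim ?? $userEntityField;

    // Configured claim first, then the legacy claim so that tokens issued before
    // the switch still resolve (assumed BC order). If both are present, the
    // configured claim wins and the legacy one is ignored.
    foreach (array_unique([$claim, $userEntityField]) as $name) {
        if (!array_key_exists($name, $payload)) {
            continue;
        }
        $value = $payload[$name];
        // Reject anything that is not a non-empty string instead of casting it:
        // an array, null or empty value must never become a user lookup key.
        if (!is_string($value) || $value === '') {
            throw new UnexpectedValueException(
                sprintf('Claim "%s" is not a usable user ID.', $name)
            );
        }
        return $value;
    }

    throw new UnexpectedValueException('Token carries no user ID claim.');
}

// Constructed sample payloads (decoded claims only, not real tokens).
$newToken    = ['sub' => 'alice', 'exp' => 1893456000];
$legacyToken = ['username' => 'alice', 'exp' => 1893456000];

var_dump(resolveUserId($newToken, 'sub', 'username'));    // token issued after the change
var_dump(resolveUserId($legacyToken, 'sub', 'username')); // token issued before the change
var_dump(resolveUserId($legacyToken, null, 'username'));  // user_id_claim left at null
```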

@Spomky Spomky changed the title from `Subject claim set to "sub"` to `Customizable User ID Claim` Aug 3, 2018
Collaborator

@chalasr chalasr left a comment


1 minor comment, nice work!

/**
* @var string
*/
protected $userIdClaim;

let's make it private to reduce the maintenance cost, it's exposed through a getter

Contributor Author

Spomky commented Aug 10, 2018

Should be fine now.
Minor comment taken into account.

Collaborator

chalasr commented Aug 10, 2018

Thank you @Spomky.

@chalasr chalasr merged commit 0862239 into lexik:master Aug 10, 2018
chalasr added a commit that referenced this pull request Aug 10, 2018
This PR was squashed before being merged into the 2.x-dev branch (closes #537).

Discussion
----------

Customizable User ID Claim

This PR modifies the claim used to store the user ID in tokens.
Prior to this PR, the claim was the same as the `user_entity_field` option (e.g. `username`).

Now the user ID claim can be customized to the standard claim `sub` (subject) as per the [RFC7519 section 4.1.2](https://tools.ietf.org/html/rfc7519#section-4.1.2) or any other value (e.g. `user_id`).

A new configuration option is added: `user_id_claim`. If null, it will have the same value as `user_entity_field`.

This PR also allows BC with tokens that have already been issued by an application.

Commits
-------

0862239 Customizable User ID Claim