Open leon0399 opened 2 years ago
Messhias
commented
2 years ago We should keep both because the alg encrypt, in fact as per what I was reading (I'm having some JWS issues here in my job) this is something related to the RFC 7577 and 7575.
If I understood clearly the RFC.
leon0399
commented
2 years ago We should keep both because the alg encrypt, in fact as per what I was reading (I'm having some JWS issues here in my job) this is something related to the RFC 7577 and 7575.
If I understood clearly the RFC.
I think there is some kind of misunderstandment 😅. I'm not talking about removing any features, I'm talking about internal code refactoring, that will not only use existing and provided solutions, but also allow end-users etend library entirely inside their projects more easily
Messhias
commented
2 years ago We should keep both because the alg encrypt, in fact as per what I was reading (I'm having some JWS issues here in my job) this is something related to the RFC 7577 and 7575. If I understood clearly the RFC.
I think there is some kind of misunderstanding 😅. I'm not talking about removing any features, I'm talking about internal code refactoring, which will not only use existing and provided solutions but also allow end-users to extend library entirely inside their projects more easily
Sorry for my misunderstanding my friend hahahhaha
Anyway sounds good, but for this enhancement I believe will be quite harder since the project if looks deeply it works very attached the things between each other, so I believe if we're going forward with that let's split into small parts to keep tests/project running (mainly for us that we already have it working in our production projects/jobs).
Messhias
commented
1 year ago @mfn / @eschricker can we close this one?
eschricker
commented
1 year ago I have looked at the articles mentioned in the documentation. In my opinion, we should leave this open. From my point of view, this looks like a very useful revision.
Messhias
commented
1 year ago I have looked at the articles mentioned in the documentation. In my opinion, we should leave this open. From my point of view, this looks like a very useful revision.
So basically we have to choose on of the drivers and follow up with them right?
mfn
commented
1 year ago I think this issue makes sense and should be kept open,
I've a few comments but I'm not 110% sure the apply to a possible solution to this:
https://github.com/namshi/jose is effectively abandoned, see https://github.com/namshi/jose#deprecation-notice
Hi there,
as much as we'd like to be able to work on all of the OSS in the world, we don't actively use this library anymore This means that new features / bugfixes / etc will only be merged based on pull requests from external contributors, and we strongly recommend you look for a long-term alternative.
If you're looking for an actively maintained library check firebase/php-jwt out!
I mean the documentation we have does not even mention this driver at all.
That other package https://github.com/firebase/php-jwt is not a drop-in replacement for namshi/jose and therefore would need it's own driver.
Just some ideas :-}
Subject of the issue
Right now multiple drivers for JWT (
lcobucci/jwtandnamshi/jose), Auth and Storage uses some custom hacky solution (1, 2, when Laravel provides special solution for that (1, 2, that is better suited and already used within Laravel itself