cakephp / authentication

Authentication plugin for CakePHP. Can also be used in PSR7 based applications.
MIT License

Adding a JWT token authenticator #44

Closed burzum closed 7 years ago

burzum commented 7 years ago

JWT is pretty common these days and I think we should provide out of the box support for it.

This should be very easy to do with the already existing basic token authenticator. Just extend it and use a JWT lib. The question is which JWT lib do we want to use? We clearly don't want to reinvent the wheel.

Here is a list of libs, go down to PHP: https://jwt.io/

antograssiot commented 7 years ago

I use namshi/jose at work and it works well, but @ADmad's existing plugin already uses firebase/php-jwt.

burzum commented 7 years ago

I've used firebase/php-jwt before as well.

markstory commented 7 years ago

firebase/php-jwt looks like a nice implementation. Could a JWT implementation be a 'suggest' package?

josegonzalez commented 7 years ago

@markstory why not just include it outright?

harikt commented 7 years ago

@josegonzalez it may not be needed for everyone. Why do you want to force it? I think cakephp/orm itself can be out. So people can write PDO classes also.

josegonzalez commented 7 years ago

It just seems like a common enough thing that we'd want to include it with the base package, but maybe that's just me.

harikt commented 7 years ago

Regarding firebase / jose, I am not sure whether HS512, RS512, ES384, ES512 etc. are missing for firebase. I haven't worked with those to comment on the same.

Another library to consider is http://bshaffer.github.io/oauth2-server-php-docs/grant-types/jwt-bearer/ . It helps to use oauth2 also if needed.

Source repo: https://github.com/bshaffer/oauth2-server-php

harikt commented 7 years ago

> It just seems like a common enough thing that we'd want to include it with the base package

Anyone can add anything to their project, but I cannot remove a dependency of a library on my project ;-).

ADmad commented 7 years ago

A JWT authenticator should be included in the plugin but its dependency shouldn't be added to the plugin but provided as suggest.

ADmad commented 7 years ago

My admad/cakephp-jwt-auth plugin uses firebase/php-jwt and no one has reported any problems with it.

burzum commented 7 years ago

@ADmad I've started working on this in https://github.com/cakephp/authentication/tree/jwt-token

I'm sure you'll have some more ideas. I'm reusing most of the code from the token identifier, which I extend. I just realized I did something wrong with the "sub" part. Need to add this as well.

burzum commented 7 years ago

Closing this because a PR is up here https://github.com/cakephp/authentication/pull/51