The 2.0 proposal includes changing how the logout listener that handles token and cookie invalidation is configured. In the 2.0 branch, the listener is configured based on the authenticator configuration instead of the global bundle configuration, which allows improving multi-firewall compatibility by configuring the listener differently for each firewall. This provides a compatibility layer to start moving that config in a future 1.x release.
Note that there are a couple of functional B/C breaks here:
- The `LogoutEventListener` is turned into an abstract service definition that is used to configure concrete services; this impacts folks who might be using compiler passes in their own application to tweak this service
- Changes the `logout_firewall` config node to default to null instead of "api"; this is both a bug fix and a B/C break, in that with the default config as it was previously you couldn't really turn off the listener without a compiler pass
This also adds tests for the LogoutEventListener class, previously untested.
See https://github.com/markitosgv/JWTRefreshTokenBundle/pull/347/files/dd75327f8d93d178fa32cbaac929c90a84548ab0#r1037883273 for context