Closed carnage closed 3 years ago
Fairly sure it's an environment thing, but I'd expect an exception instead of an empty string.
Casting an object to a string is not allowed to throw exceptions. I’d recommend using $token->toString()
instead of (string) $token
(as you seem to do now) if you are interested in getting exception. The exceptions will also be able to give you a better idea of what is going wrong.
(__toString()
specifically catches all Throwables
and returns an empty string if things go wrong.)
@Zegnat is completely spot-on here.
Try doing ->toString()
instead, and you'll get (likely) a SodiumException.
The only way we can mitigate this is to set the minimum PHP version to 7.4 in the next PASETO release.
Code in this repository: https://github.com/conferencetools/auth-module/blob/master/src/Auth/Extractor/PasetoCookie.php results in an empty cookie being set on my production env; works fine in dev.
PHP environment is
Fairly sure it's an environment thing, but I'd expect an exception instead of an empty string.
Interesting addendum: switched to V1 and it works fine. Suspect it might be something alpine/libsoduim related.