search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.32k stars 1.54k forks source link

Allow a different blacklist key via config #1914

Open christoph-kluge opened 4 years ago

christoph-kluge commented 4 years ago

Subject of the issue

In my scenario I need to use a different blacklist key which is unique across multiple generated JWT tokens but it cannot be the user id (because as user can login 1:n times).

I've discovered the following piece of code which could be easily extended with setKey.

        $this->app->singleton('tymon.jwt.blacklist', function ($app) {
            $instance = new Blacklist($app['tymon.jwt.provider.storage']);

            return $instance
                            ->setKey($this->config('blacklist_key'))
                            ->setGracePeriod($this->config('blacklist_grace_period'))
                            ->setRefreshTTL($this->config('refresh_ttl'));;
        });

Your environment

Q A
Bug? no
New Feature? no
Framework Laravel
Framework version 5.8.x
Package version 1.0.x
PHP version 7.3.x
christoph-kluge commented 4 years ago

Is there any need for someone to have this? Since it's a singleton I'm setting the key with $container->afterResolving(). I'm up to contribute if this is little extension is wanted.

     // somewhere inside a provider
        $this->app->afterResolving(Blacklist::class, function (Blacklist $blacklist) {
            $blacklist->setKey(config('jwt.blacklist_key', 'jti'));
        });
// extend jwt.php

    /*
    |--------------------------------------------------------------------------
    | Blacklist Key
    |--------------------------------------------------------------------------
    |
    | In order to invalidate tokens, you must choose a identifer inside the payload.
    | If you want to invalidate just a single token then you can keep 'jti' as default.
    | You may want to change this to some different behavior/invalidation algorithm.
    |
    */

    'blacklist_key' => env('JWT_BLACKLIST_KEY', 'jti'),
stale[bot] commented 3 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.