search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.23k stars 1.55k forks source link

Using a string instead of a file path for the `private` property in `jwt.php`. #2240

Open peacefixation opened 4 months ago

peacefixation commented 4 months ago

Subject of the issue

Using a string instead of a file path for the private property in jwt.php.

Your environment

Q A
Bug? no
New Feature? yes
Framework Laravel
Framework version 9.52.15
Package version 2.0
PHP version 8.1.7

Steps to reproduce

I've just updated tymon/jwt-auth from 1.0 to 2.0 and the previous code stopped working. In jwt.php I was setting 'private' => env('JWT_PRIVATE_KEY') where JWT_PRIVATE_KEY='-----BEGIN RSA PRIVATE KEY----- etc' (i.e. a string with the contents of a .pem file).

I can get it working again by putting the contents into an actual jwt-private-key.pem file and setting my environment variable to the file path JWT_PRIVATE_KEY='file://jwt-private-key.pem' but I would prefer not to do this and use a string instead so I can set it in a secrets manager for CI and deployment environments.

Forgive me if this is an easy or stupid problem, I'm not a PHP programmer, I'm just flailing around trying to update a Laravel project to v9 and then v10.

Expected behaviour

I can set 'private' => 'a string with the contents of the jwt-private-key.pem'

Actual behaviour

I have to set 'private' => 'file://jwt-private-key.pem'