Closed jponge closed 3 years ago
@jponge the goal to keep all user object internal state consistent between all auth modules was that:
principal contains unmodified/undecoded data that can at any moment be used to create the object
attributes contains decoded data/data that can mutate during a session
This means that the property you're looking for, now lives on ctx.user().attributes()
I can try to revert it back/keep it back on principal()
But I would need to do it too for OAuth2. What's your opinion?
These are book examples, I cannot make a fix since that code is in print, so we need to have principal return the token attributes entries like it used to be a few weeks back.
It's probably worth being consistent in OAuth as well.
The best is to keep the old behaviour, introduce .attributes(), and document that principal will no longer return the entries at some point in the future.
Can we have it in 4.0.0.CR2?
Sure, I'll get it done today
Fixed in vertx-auth / master, waiting for 4.0.0.CR2
Running the code of https://github.com/jponge/vertx-in-action/tree/master/part2-steps-challenge I have failures with the JWT web handler (all other tests pass).
The tests that fail are those where a user shall be identified using JWT:
Digging into what happens:
The call to principal returns a JsonObject that does not contain the JWT token data. Instead it has a single access_token entry whose value is the token string. This is a regression, and likely a bug, or I am just missing something obvious but that code used to work.