Add support for two JWT secrets: publisher & subscriber
Mercure allows having two secrets, but the bundle only allows one.
https://mercure.rocks/docs/hub/config
The bundle only supports publishing, it doesn't support subscribing (for now at least), so it makes sense to support only the publishing JWT.
But in the front part (twig), we subscribe, no?
Indeed! You're right. Would you mind opening a PR to support setting two different keys?
I will try, with pleasure. Not sure I understand the impact on the cookies side. But at least I can initiate it.
On Fri, 31 May 2024, 10:55, Kévin Dunglas @.***> wrote:
> Indeed! You're right. Would you mind opening a PR to support setting two different keys?
I encountered the same issue for my project where I wanted to have a cookie with subscription abilities only. This is the code I ended up doing.
Create a clearCookie(), then set its value using the TokenFactory with the right secret key since I have MERCURE_SUBSCRIBER_SECRET and MERCURE_PUBLISHER_SECRET.
```php
<?php

namespace App\Infrastructure\Mercure\Subscriber;

use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Mercure\Authorization;
use Symfony\Component\Mercure\Jwt\LcobucciFactory;
use Symfony\Component\Mercure\Jwt\TokenFactoryInterface;

class MercureCookieMiddleware implements EventSubscriberInterface
{
    // Token factory bound to the subscriber secret only
    private readonly TokenFactoryInterface $tokenFactory;

    public function __construct(
        #[Autowire(env: "MERCURE_SUBSCRIBER_SECRET")]
        string $secret,
        private readonly Authorization $authorization,
    )
    {
        $this->tokenFactory = new LcobucciFactory($secret);
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::RESPONSE => ['setMercureCookie'],
        ];
    }

    public function setMercureCookie(ResponseEvent $event): void
    {
        $response = $event->getResponse();
        $request = $event->getRequest();

        // ...Some additional logic here
        // ($channels, the list of topics to subscribe to, is defined in the logic elided above)

        // Reuse the bundle's cookie attributes, then swap in a subscribe-only token
        $cookie = $this->authorization->createClearCookie($request, null)
            ->withExpires(0)
            ->withValue($this->tokenFactory->create($channels, null, []));

        $response->headers->setCookie($cookie);
    }
}
```
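Added example, not part of the comment above and not the bundle's code: a dependency-free HS256 sketch of why the two secrets are kept apart. A cookie token signed with the subscriber secret verifies under that key and is rejected under the publisher key. The secrets, the topic and the helper names `b64url`, `mintMercureJwt` and `verifyMercureJwt` are constructed for illustration.

```php
<?php
// Constructed placeholder secrets; in the comment above they come from the
// MERCURE_SUBSCRIBER_SECRET and MERCURE_PUBLISHER_SECRET environment variables.
const SUBSCRIBER_SECRET = 'constructed-subscriber-secret-0123456789abcdef';
const PUBLISHER_SECRET  = 'constructed-publisher-secret-0123456789abcdef';

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Mint an HS256 JWT carrying the "mercure" claim (hypothetical helper). */
function mintMercureJwt(string $secret, array $subscribe, array $publish): string
{
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode(['mercure' => ['subscribe' => $subscribe, 'publish' => $publish]]));
    $sig     = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));

    return "$header.$payload.$sig";
}

/** Return the "mercure" claim if the token verifies under $secret, else null. */
function verifyMercureJwt(string $jwt, string $secret): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;

    // Pin the algorithm instead of trusting whatever the token announces.
    $head = json_decode(base64_decode(strtr($header, '-_', '+/')), true);
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null;
    }
    // Constant-time comparison of the recomputed signature.
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null; // signed with a different key, or modified after signing
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

    return $claims['mercure'] ?? null;
}

// Subscribe-only cookie token, as in the middleware above (constructed topic).
$cookieJwt = mintMercureJwt(SUBSCRIBER_SECRET, ['https://example.com/books/{id}'], []);
var_dump(verifyMercureJwt($cookieJwt, SUBSCRIBER_SECRET)); // check under the subscriber key
var_dump(verifyMercureJwt($cookieJwt, PUBLISHER_SECRET));  // check under the publisher key
```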
Hello, any news concerning this issue? If not, I would be glad to give it a try and open a PR :)
Nope, PR welcome! It should aim to keep the configuration as simple as possible. Also, backward compatibility should be taken into account, and the fewer revolutions/deprecations this change implies, the better.