`jwt-auth-bundle` v5 development thread
This thread is to provide updates and centralize discussion around the forthcoming 5.0 major release of jwt-auth-bundle, currently in development. As conversations had begun to splinter across a few separate issues on the subject, I thought it in our best interest to have a central place to bridge these discussions.
The 5.x-dev branch is the in-development branch representing this work. Feedback, PRs, and testing are greatly appreciated. As this branch approaches what we consider beta ready, we'll merge it into main and begin cutting pre-production releases for testing. (Until then, it should be considered experimental, unstable and has not undergone a security review yet.)
Goals for 5.0 include:
- 🟢 Support for the new SF 5.1+ authenticator-based security, as contributed by @mcsky
- 🟢 Support for SF 6, as contributed by @mkilmanas
- 🚧 Migration to Auth0-PHP SDK 8.0 by @evansims
Note that the new 5.x bundle release will not include support for SF versions before 5.2 or PHP versions before 7.4.
Auth0 does not currently have a timeline for a stable release on this major, but will keep you informed.
I'll be commencing work on migrating the library to the new version of the underlying Auth0 SDK sometime this week.
@evansims how is the Auth0 SDK upgrade progressing?
@evansims is this feature ready for release? I have tested this branch with Symfony 6.0 and PHP 8.1, didn't find any issues.
Hi @michielkalle 👋 Thanks for testing the development branch. There's a bit more work to be done before we're ready to release this, but you are welcome to continue using the test branch meanwhile. I'm unable to provide a firm timeline right now, but this is on my radar and will receive more attention soon.
Am I missing something about trying out the development branch? None of it will run because of conflicts with the `Lcobucci\JWT` bundle as the `7.9.2` version of the `auth0-php` that the current dev version requires, because it uses a temporary fork and composer won't install properly.
Edit: Never mind, my packages had the Symfony mercure bundle, which has an include of the main repo of `Lcobucci\JWT` which was causing the conflict. I can't remove mercure from my project, so I think I've got to wait until this update happens. @evansims I'm happy to contribute if you need any work done here.
@evansims I have almost everything working but I keep getting an error from the `Auth0` decode service.
In the Auth0 PHP SDK, it gets here and throws an error:
```
Auth0\SDK\Exception\InvalidTokenException
Provided token is missing a kid header
```
Which is thrown from `api/vendor/auth0/auth0-php/src/Token/Verifier.php` line 135:
```php
if ($alg === Token::ALGO_RS256) {
    $kid = $this->headers['kid'] ?? null;
    if ($kid === null) {
        throw \Auth0\SDK\Exception\InvalidTokenException::missingKidHeader();
    }
```
I'm not sure how we're supposed to be generating the `kid` header from the libraries or how that was handled before. Any ideas?
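An added example, not part of the original thread or of the Auth0 SDK: a header inspector for diagnosing the error quoted above by showing which `alg` and `kid` a token actually carries. It assumes `Token::ALGO_RS256` is the string `RS256`; the function names, sample tokens and the key id `example-key-1` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// JWT segments are base64url without '=' padding; restore it before decoding.
function b64urlDecode(string $segment): string
{
    $padded = str_pad($segment, strlen($segment) + (4 - strlen($segment) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($raw === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $raw;
}

// Reads the JOSE header only. This does NOT verify the signature.
function inspectJwtHeader(string $jwt, array $jwksKids): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Expected three dot-separated segments');
    }
    $header = json_decode(b64urlDecode($parts[0]), true, 8, JSON_THROW_ON_ERROR);
    $alg = is_array($header) ? ($header['alg'] ?? null) : null;
    $kid = is_array($header) ? ($header['kid'] ?? null) : null;
    if ($alg !== 'RS256') {          // assumed value of Token::ALGO_RS256
        $finding = 'alg is not RS256, so the kid check in the excerpt is not reached';
    } elseif ($kid === null) {
        $finding = 'RS256 without kid: this is the "missing a kid header" case';
    } elseif (!in_array($kid, $jwksKids, true)) {
        $finding = 'kid present but not among the supplied JWKS key ids';
    } else {
        $finding = 'kid matches a supplied JWKS key id';
    }
    return ['alg' => $alg, 'kid' => $kid, 'finding' => $finding];
}

// Constructed sample tokens; "c2ln" is a placeholder signature that is never checked.
$enc = fn (array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$body = $enc(['sub' => 'example']);
$samples = [
    'no kid'      => $enc(['alg' => 'RS256', 'typ' => 'JWT']) . ".$body.c2ln",
    'known kid'   => $enc(['alg' => 'RS256', 'kid' => 'example-key-1']) . ".$body.c2ln",
    'unknown kid' => $enc(['alg' => 'RS256', 'kid' => 'other-key']) . ".$body.c2ln",
    'HS256'       => $enc(['alg' => 'HS256', 'typ' => 'JWT']) . ".$body.c2ln",
];
foreach ($samples as $name => $jwt) {
    printf("%-12s %s\n", $name, inspectJwtHeader($jwt, ['example-key-1'])['finding']);
}
```

Pass the `kid` values from the issuer's published JWKS as the second argument; the output is a diagnostic only and never a substitute for signature verification.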
👋 Sorry for the long delay, everyone, and thanks for your patience. We're proud to announce V5.0.0-BETA0 is now available for testing! This turned into quite an extensive rewrite in the end, and we'd appreciate your help in giving it a thorough run through the paces before GA.
Please be sure to take a thorough look at README.md, as a lot has changed. The biggest addition is the SDK now has full authentication support, in addition to route authorization, but there's a lot to explore here.
With development winding down, I'll be closing this thread — but please feel welcome to create new issues around your findings on V5!