JWTRefreshTokenBundle icon indicating copy to clipboard operation
JWTRefreshTokenBundle copied to clipboard

Published 20 hours ago verified publisher icon markitosgv

Unrecognized option "cookie"

Open abeal-hottomali opened this issue 3 years ago • 7 comments
trafficstars

Hi,

I'm trying to use the http-only cookie support in this bundle. I've set up the following for bundle configuration:

gesdinet_jwt_refresh_token:
    user_identity_field: email
    user_provider: security.user.provider.concrete.app_user_provider
    # Time to live for refresh token (one day)
    ttl: 86400
    cookie:
        enabled: true
        same_site: lax               # default value
        path: /                      # default value
        domain: null                 # default value
        http_only: true              # default value
        secure: true                 # default value
        remove_token_from_body: true # default value

When I cache-clear with this, however, I get the following:

!!    Unrecognized option "cookie" under "gesdinet_jwt_refresh_token". Available
!!    options are "doctrine_mappings", "entity_manager", "firewall", "manager_typ
!!    e", "object_manager", "refresh_token_class", "refresh_token_entity", "singl
!!    e_use", "token_parameter_name", "ttl", "ttl_update", "user_checker", "user_
!!    identity_field", "user_provider".

Looking at \Gesdinet\JWTRefreshTokenBundle\DependencyInjection\Configuration, I don't see where 'cookie' is established as an option, so although it seems the documentation for this is incorrect, I'm not exactly sure what to set here. Can you advise?

Tested with version 0.12, as well as 1.0.0-beta4.

abeal-hottomali avatar Nov 23 '21 18:11 abeal-hottomali

Update: it looks like the cookie support may have been added here, so that may mean it's still not in a tagged release. If that's the case, please feel free to close this issue, as this will self-resolve in time.

abeal-hottomali avatar Nov 23 '21 19:11 abeal-hottomali

@abeal-hottomali Yup, the code and documentation have already been merged to master, but there hasn't been a release yet since then.

Jayfrown avatar Dec 02 '21 01:12 Jayfrown

Hello. Is there information when it will be available? You do it according to the documentation, but try it - it doesn't work yet.

byhaskell avatar Dec 19 '21 04:12 byhaskell

Currently, the latest release is v1.0.0-beta4, which was released before this feature was merged.

By default, you're reading the documentation on the master branch, where this feature is indeed available. Until it is included in a release, you could pull the dev-master version and try it out.

Looking at the release history, it does not seem to follow a release cycle / schedule so I cannot tell when a new version will be released.

Jayfrown avatar Dec 19 '21 04:12 Jayfrown

@Jayfrown , Thanks for your prompt feedback.

byhaskell avatar Dec 19 '21 04:12 byhaskell

@byhaskell , I haven't confirmed, but I'd suspect the v0.12 release would still contain the correct documentation for the non-master branch? You could give that a try.

I've got it working for that version on my end. If it helps, here's the config I'm using (Symfony/API Platform)

# config/packages/security.yaml
security:
    firewalls:
        # Required by gesdinet/jwt-refresh-token-bundle v0.12.0
        api_token_refresh:
            pattern: ^/authentication_token/refresh
            stateless: true

# config/packages/gesdinet_jwt_refresh_token.yaml
gesdinet_jwt_refresh_token:
    firewall: api_token_refresh
    user_identity_field: email
    # Time to live for refresh token (one day)
    ttl: 86400
    user_provider: security.user.provider.concrete.app_user_provider

abeal-hottomali avatar Jan 03 '22 17:01 abeal-hottomali

@abeal-hottomali @byhaskell

v1.0.0 has been released which includes this work

Jayfrown avatar Jan 18 '22 09:01 Jayfrown