feat: 3.x migrate to "lcobucci/jwt" v5 #1157
Conversation
feat: add support for psr/clock
feat: add support for psr/clock
|
First run failed because of missing PHP 8.2 failed because of #1152 |
feat: add support for psr/clock
|
Can the fix from https://github.com/lexik/LexikJWTAuthenticationBundle/pull/1119/files or 2.x merged upstream for 3.x? |
|
I just noticed that @maxhelias used an different approach for 2.x #1125 |
Chris53897
changed the title
|
Hi @Chris53897, 2.x should be merge on 3.x to correct compatibility |
|
After that is done, we could discuss what are the best options.
|
|
@Chris53897 Thanks for the PR, I'm gonna review and merge soon. I'd plan to finish and release v3.0 somewhere around 2024' first quarter. |
|
Thanks. The chance for additional PRs for the tasks is not so high. My actual main focus is on PRs to support symfony 7 and php 8.3 for repos. |
|
That's fine, thanks for telling me. |
| @@ -53,6 +53,7 @@ | |||
| "require-dev": { | |||
| "phpunit/phpunit": "^9.5", | |||
| "symfony/browser-kit": "^5.4|^6.0", | |||
| "symfony/clock": "^6.3", | |||
There was a problem hiding this comment.
as you instantiate a Symfony Clock when no clock is provided, this is not really an optional dependency.
There was a problem hiding this comment.
Thanks for the feedback.
I am not sure if this should be tied to "symfony/clock" or if it is possible to just add the requirement that it needs a repo that implements "psr/clock" and let the user decide, which one to chose. require psr/clock-implementation?
https://packagist.org/?query=clock
The linked PR from @Dean151 makes the dependency optional.
There was a problem hiding this comment.
Well, your implementation is the one making it non-optional.
However, as this package is a Symfony bundle, I would not be too concerned about being bring a dependency on the Symfony component.
| @@ -49,10 +47,10 @@ class LcobucciJWSProvider implements JWSProviderInterface | |||
| /** | |||
| * @throws \InvalidArgumentException If the given crypto engine is not supported | |||
| */ | |||
| public function __construct(KeyLoaderInterface $keyLoader, string $signatureAlgorithm, ?int $ttl, ?int $clockSkew, bool $allowNoExpiration = false, Clock $clock = null) | |||
| public function __construct(KeyLoaderInterface $keyLoader, string $signatureAlgorithm, ?int $ttl, ?int $clockSkew, bool $allowNoExpiration = false, ClockInterface $clock = null) | |||
There was a problem hiding this comment.
You should also update the service definition to inject the clock service defined by FrameworkBundle when it is available (using on-invalid="null" to handle cases where the service is disabled) to use the clock configured in the container.
feat: add support for psr/clock
To be honest i do not have much knowledge about this topic.
I just followed this mirgration guide https://lcobucci-jwt.readthedocs.io/en/latest/upgrading/
V5 does use psr/clock, instead of v4 with there own clock implementation.
As this is a new major version, i see no need to support versions <5
I added this PR for 3.x Branch as well. But could be a seperate PR if you want to.
#1155