Invalidate a JWT token - Adding the jti claim by the JWTManager class instead of doing it via a listener #1218
Conversation
|
I'd make two changes to this:
<?php
namespace Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\Compiler;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\Compiler\PriorityTaggedServiceTrait;
use Symfony\Component\DependencyInjection\ContainerBuilder;
class CollectPayloadEnrichmentsPass implements CompilerPassInterface
{
use PriorityTaggedServiceTrait;
public function process(ContainerBuilder $container): void
{
if (!$container->hasDefinition('lexik_jwt_authentication.payload_enrichment')) {
return;
}
$container->getDefinition('lexik_jwt_authentication.payload_enrichment')
->replaceArgument(0, $this->findAndSortTaggedServices('lexik_jwt_authentication.payload_enrichment', $container));
}
}With this, I'd then update the service definition for the random JTI enrichment to be this: <service id="lexik_jwt_authentication.payload_enrichment.random_jti_enrichment" class="Lexik\Bundle\JWTAuthenticationBundle\Services\PayloadEnrichment\RandomJtiEnrichment">
<tag name="lexik_jwt_authentication.payload_enrichment" priority="0" />
</service>And update this block in the extension to add an else and remove the tag if the blocklist token feature isn't enabled (which matches the way you're redefining the service now to switch from the null enrichment to the random enrichment), so... if ($this->isConfigEnabled($container, $config['blocklist_token'])) {
// Existing code
} else {
$container->getDefinition('lexik_jwt_authentication.payload_enrichment.random_jti_enrichment')
->clearTag('lexik_jwt_authentication.payload_enrichment');
} |
|
@mbabker It's fixed, it's much better, thank you |
| @@ -174,6 +174,9 @@ public function load(array $configs, ContainerBuilder $container): void | |||
| $loader->load('blocklist_token.xml'); | |||
| $blockListTokenConfig = $config['blocklist_token']; | |||
| $container->setAlias('lexik_jwt_authentication.blocklist_token.cache', $blockListTokenConfig['cache']); | |||
| } else { | |||
| $container->getDefinition('lexik_jwt_authentication.payload_enrichment.random_jti_enrichment') | |||
There was a problem hiding this comment.
If the definition of lexik_jwt_authentication.payload_enrichment.random_jti_enrichment was placed in the Resources/config/blocklist_token.xml file, I feel like this code wouldn't have been necessary
There was a problem hiding this comment.
I think this can be cleaned up for 3.0 TBH. Things are kind of in a weird state with this stuff because the payload enrichment services should always be there but the bundle right now only needs the JTI enricher to be active when the blocklist functionality is enabled. Always turning on the JTI enricher in 2.x could be disruptive to downstream users for whatever reason, so it's probably safer to have this block for the next 2.x release, and in 3.0, the bundle defaults to always providing the JTI and a downstream app can replace/remove this service if they want to take control over that.
… instead of doing it via a listener
chalasr
force-pushed
the
fix-replace-add-claims-listener
branch
from
e405607
to
069b7bb
Compare
|
Thank you @ldaspt. |
Hello @chalasr and @mbabker,
This PR aims to address the enhancements suggested by @mbabker in the discussion of the PR #1170.
@see #1170 (comment)
Changes included:
The payload enrichment cannot be overridden via the bundle configuration, if the developer wants to overload it, he will have to decorate the service
lexik_jwt_authentication.payload_enrichment. If necessary, I can do as for thelexik_jwt_authentication.encoderservice so that this is configurable via the bundle configurationI hope the PR answers the request correctly
Please review the changes at your convenience, and I welcome any feedback or further suggestions