Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore token not having the getCredentials() method during decode #1244

Open
wants to merge 2 commits into
base: 3.x
Choose a base branch
from
Open

Ignore token not having the getCredentials() method during decode #1244

wants to merge 2 commits into from

Conversation

fmarchalemisys
Copy link

@fmarchalemisys fmarchalemisys commented Nov 2, 2024
edited
Loading

The getCredentials() method was removed from TokenInterface in Symfony 6. Beside, some tokens, such as TestBrowserToken, return null instead of the expected string type. See issue #1040.

Decoding a jwt token is only meaningful when the token is a JWTPostAuthenticationToken. Any other token can be ignored.

To fix the deprecation, the user's code must do something like this:

if (!$token instanceof JWTPostAuthenticationToken) {
    return;
}
try {
    $jwtPayload = $this->jwtManager->decode($token);
} catch (JWTDecodeFailureException) {
    return;
}
if ($jwtPayload === false) {
    return;
}
// process $jwtPayload…

Now, the questions:

  1. Do we deprecate the call with anything other than a JWTPostAuthenticationToken with the aim of restricting the type to public function decode(JWTPostAuthenticationToken $token): array|bool later on?
  2. Do we simply ignore tokens other than JWTPostAuthenticationToken without deprecation to make the use of the decode method easier?

This PR is currently aiming at the first solution but solution 2 simply requires to remove the trigger_deprecation call.

@fmarchalemisys
Ignore token not having the getCredentials() method during decode
492d1da 
The TokenInterface doesn't have a getCredentials() method anymore since
Symfony 6. Beside, some tokens, such as TestBrowserToken returns null.

Decoding a jwt token is only meaningful when the token is a
JWTPostAuthenticationToken. Any other token can be ignored.
@fmarchalemisys
Add unit tests.
1a09a46
@fmarchalemisys fmarchalemisys mentioned this pull request Nov 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@fmarchalemisys