[lexik_jwt_authentication] Add recipe for v2.5 #425
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
deployed
to
ogizanagi
approved these changes
Jun 29, 2018
maxhelias
approved these changes
Jun 29, 2018
fabpot
approved these changes
Jun 30, 2018
ghost
pushed a commit
that referenced
this pull request
Jun 30, 2018
sroze
reviewed
Jun 30, 2018
| "JWT_PASSPHRASE": "%generate(secret)%" | ||
| }, | ||
| "gitignore": [ | ||
| "/%CONFIG_DIR%/jwt/*.pem" |
There was a problem hiding this comment.
Shouldn't we recommend to put these keys in var/jwt actually?
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The change requiring a new version of the recipe is that the
public_key_pathandprivate_key_pathhave been renamed topublic_keyandsecret_key.Motivation for this naming change is that they now both accept a raw key as value, which allows storing the raw key itself as an env var and configure the bundle like
secret_key: %env(JWT_PRIVATE_KEY)%or use whatever custom env var processor to resolve the raw key (I need some feedbacks before using this for the recipe config). Additionally HMAC support was added, which requires onlysecret_keyto be set with a raw secret string.Lastly, only one of the key is required by the config tree (think SSO, server needs the secret key and clients need the public one, no side require to hold both, clients must not know about the secret key).