Allow additional public keys to be set by value, as well as by path #1008
Conversation
|
Sounds good! Let me know when you think this is ready |
| if (!$key || !is_file($key) || !is_readable($key)) { | ||
| throw new \RuntimeException(sprintf('Additional public key "%s" does not exist or is not readable. Did you correctly set the "lexik_jwt_authentication.additional_public_keys" configuration key?', $key)); | ||
| if (!$key) { | ||
| continue; |
There was a problem hiding this comment.
what's the motivation for this change?
There was a problem hiding this comment.
I want to support having a dynamic number of additional keys using a static configuration. For example 1 additional key while a key rotation is in progress, and 0 additional keys otherwise.
I haven't been able to come up with a better way of expressing that than
lexik_jwt_authentication:
public_key: '%env(MAIN_KEY)%'
additional_public_keys:
- '%env(string:default::SECONDARY_KEY)%'But then we end up with this invalid array element when SECONDARY_KEY is not set that needs to be skipped for that to work.
I did consider trying to set the whole array via JSON like
lexik_jwt_authentication:
public_key: '%env(MAIN_KEY)%'
additional_public_keys: '%env(json:SECONDARY_KEY_JSON)%'But that's not allowed - we get the error A dynamic value is not compatible with a "Symfony\Component\Config\Definition\PrototypedArrayNode" node type at path "lexik_jwt_authentication.additional_public_keys".
I have limited experience with the Symfony config system, so perhaps I'm missing a better way of expressing this. I would be happier keeping the behaviour of throwing on encountering a falsy value and handling this situation at the config level instead, but I'm not seeing a way to do that.
chalasr
force-pushed
the
2.x
branch
2 times, most recently
from
f9db198
to
d5374bf
Compare
|
@chalasr @MatthewHepburn any update on this I running into the same issue where I want to pass through the Public key string rather than the file location and this PR would fix that issue |
|
What is missing to get this merged? |
|
Is there any update on this change please ? Because this would be very helpful and all seems ready. |
#928 added an excellent feature, allowing additional public keys to be specified.
However, unlike the main public key, this can only be specified as a file path, rather than being passed directly as a string. The ability to pass keys as strings is useful when setting keys via environment variables, so I want to be able to configure the additional public keys as either file paths or as raw strings.