Session Identifier forces use of 'username' array key

[utdrmac]

I'm attempting to integrate Google Auth login to my CakePHP app. Google uses an array (access_token) with keys (token_id, created, expires_in, etc) to store token information about your successful auth to google's API.

		$service->loadAuthenticator('Authentication.Session', [
			'sessionKey' => "access_token",
			'identify' => true,
			'fields' => [ 'token' => 'access_token' ]
                  ]);

The above code results in a warning: Undefined array key "username" For whatever reason, the $_defaultConfig:fields[] array (src/Authenticator/SessionAuthenticator.php:41) is being merged with the values I'm passing, rather than my values overriding the defaults.

Then, the secondary issue is that the SessionIdentifier is looking for fields passed above, "inside" the array passed as the username array key (src/Authenticator/SessionAuthenticator.php:70). Instead of simply passing the entire $access_token and all its keys/values, I have to fetch each key individually (as separate fields) to pass them to the Identifier class, only to have to recombine them into a single array so that the Google API can read it correctly.

There is no way to access top-level Session keys using this authenticator. You can only access the keys inside whatever array you pass as sessionKey. Thus, if your $_SESSION looks like this:

  $_SESSION = [ 'key1': 'val1', 'key2': [ 'key2b': 'val2b', 'key2c': 'val2c' ] ]

and you set the following:

		$service->loadAuthenticator('Authentication.Session', [
			'sessionKey' => "key2",
			'identify' => true,
			'fields' => [ 'username' => 'key1' ]
                  ]);

key1 will be searched for inside key2 and the Identifier will not have access to key1/val1.

Please consider allowing users to properly override the fields, and allow passing a single array.