feat: JWT Authenticator

Open kenjis opened this issue 3 years ago • 3 comments

~~Needs to rebase after merging #194, #199~~

  • add Authenticators\JWT
  • add Filters\JWTAuth

TODO:

  • [ ] login recording specification
  • [ ] update docs

kenjis avatar Jun 01 '22 07:06 kenjis

I don't think we'll be able to get this one in before the initial release.

There are some parts of this feature that require consideration of specifications. I think it will take some time.

kenjis avatar Jun 01 '22 21:06 kenjis

Why choose Firebase's implementation?

I googled CodeIgniter4 jwt, and found that most tutorials use the Firebase implementation. And it is commonly used in my country. So first of all, I chose it.

But I know it doesn't provide the most complete implementation, so I made it replaceable.

kenjis avatar Jun 02 '22 02:06 kenjis

It is also commonly used in my country.

datamweb avatar Jun 02 '22 02:06 datamweb

I don't remember much of the implementation as a lot of time has passed, but I think the implementation itself was done in one way or another.

If there is someone who wants to try JWT, please test. Of course code reviews are also welcome. I am going to run the code and see if this really works.

kenjis avatar Oct 21 '22 08:10 kenjis

My only JWT CI4 project currently uses Myth and I've had issues installing Shield alongside because they have some conflicting services and factories. I know some community members have been keen on this - maybe check the forums for volunteers?

MGatner avatar Oct 21 '22 10:10 MGatner

Good idea! I've posted on the forum.

kenjis avatar Oct 21 '22 11:10 kenjis

Is it finished? How do I use this branch?

hainm0912 avatar Jan 07 '23 10:01 hainm0912

This should work. You can get the code from my repository: https://github.com/kenjis/codeigniter-shield/tree/feat-jwt

kenjis avatar Jan 07 '23 11:01 kenjis

How do I use this branch?

Update your composer.json:

--- a/composer.json
+++ b/composer.json
@@ -7,7 +7,8 @@
     "require": {
         "php": "^7.4 || ^8.0",
         "codeigniter4/framework": "^4.0",
-        "codeigniter4/shield": "^1.0@beta"
+        "codeigniter4/shield": "dev-feat-jwt",
+        "firebase/php-jwt": "^6.2"
     },
     "require-dev": {
         "fakerphp/faker": "^1.9",
@@ -36,5 +37,11 @@
         "slack": "https://codeigniterchat.slack.com"
     },
     "minimum-stability": "dev",
-    "prefer-stable": true
+    "prefer-stable": true,
+    "repositories": [
+        {
+            "type": "vcs",
+            "url": "https://github.com/kenjis/codeigniter-shield.git"
+        }
+    ]
 }
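
Review bot: the `repositories` entry makes the personal fork at `https://github.com/kenjis/codeigniter-shield.git` the source for the package named `codeigniter4/shield`, and the `"minimum-stability": "dev"` context line lets Composer accept dev versions of every dependency, with only `"prefer-stable": true` favouring stable ones. Keep this block out of production manifests and remove it once the branch is merged upstream, so the package resolves from the official repository again.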

Run composer update.

kenjis avatar Jan 07 '23 12:01 kenjis

What is the status on JWT authentication?

Any TODOs I could help with?

miguel-rn avatar Apr 13 '23 16:04 miguel-rn

Rebased to resolve conflicts.

kenjis avatar Apr 13 '23 23:04 kenjis

What is the status on JWT authentication?

The implementation was finished. I need to write docs.

Any TODOs I could help with?

Testing and review. As you see, no one has approved this PR yet.

kenjis avatar Apr 13 '23 23:04 kenjis

What is the status on JWT authentication?

The implementation was finished. I need to write docs.

Any TODOs I could help with?

Testing and review. As you see, no one has approved this PR yet.

Nice work! I will create an API now to help test this implementation.

miguel-rn avatar Apr 13 '23 23:04 miguel-rn

Added docs.

kenjis avatar Apr 14 '23 03:04 kenjis

Why this error?

ERROR: ReservedWord - tests/Authentication/Authenticators/JWTAuthenticatorTest.php:148:9 - 'resource' is a reserved word (see https://psalm.dev/095)
        $users->delete(1);

https://github.com/codeigniter4/shield/actions/runs/4696752282/jobs/8327382118?pr=195

kenjis avatar Apr 14 '23 07:04 kenjis

After reviewing the implementation today, I felt that the current APIs are too narrow for use cases. I appreciate your feedback on usability.

kenjis avatar Apr 14 '23 11:04 kenjis

Various API changes and additions. I believe that more items can be customized without extending classes.

Also, it may be too late now, but I found firebase/php-jwt does not support JWE. If we need JWE, we need to add another package.

kenjis avatar Apr 16 '23 09:04 kenjis

I wrote a very simple sample code: https://github.com/kenjis/ci4-shield-test/tree/test-jwt#how-to-test-json-web-token-jwt-authentication

You can probably do about as much as the tutorials you can find by Googling "CodeIgniter4 JWT", just by writing controllers.

kenjis avatar Apr 17 '23 09:04 kenjis

Added a lot of explanations in the docs: https://github.com/kenjis/codeigniter-shield/blob/feat-jwt/docs/addons/jwt.md#jwt-authentication

kenjis avatar Apr 18 '23 08:04 kenjis

@MGatner @datamweb Can you review?

kenjis avatar Apr 20 '23 10:04 kenjis

@kenjis will try to do today.

datamweb avatar Apr 20 '23 10:04 datamweb

Question, how can the site administrator make the tokens expire in general? (I think he should change the secret code. If so, I'd prefer you explain it in the documentation.)

And the next question: is there a way to expire the token for a specific user?

Please update the README file, the reference to support JWT is good.

datamweb avatar Apr 20 '23 15:04 datamweb

Question, how can the site administrator make the tokens expire in general? (I think he should change the secret code. If so, I'd prefer you explain it in the documentation.) And the next question: is there a way to expire the token for a specific user?

Tokens are to be validated by defining the conditions that make it invalid.

If you want to invalidate tokens for a specific user, you can do it by specifying the user ID and issued at.

Also, as you say, if you change the key, all tokens signed with that key will be invalidated.

kenjis avatar Apr 20 '23 21:04 kenjis
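
The two invalidation paths described in the reply above (a per-user cutoff on the issued-at claim, and changing the signing key), as an added example that is not code from this PR or from Shield. It uses `firebase/php-jwt` directly; the `validateToken()` helper, the `$revokedBefore` map and the sample keys are hypothetical and constructed for illustration.

```php
<?php
// Added example; requires firebase/php-jwt ^6.2 installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

/**
 * Hypothetical helper (not a Shield API).
 * $revokedBefore maps user ID => Unix time; that user's tokens issued
 * earlier than the cutoff are rejected even though the signature is valid.
 */
function validateToken(string $jwt, string $secret, array $revokedBefore): ?stdClass
{
    try {
        // Verifies the HS256 signature and the exp/nbf claims.
        $claims = JWT::decode($jwt, new Key($secret, 'HS256'));
    } catch (Throwable $e) {
        return null; // wrong key, tampered, expired or malformed token
    }

    // The revocation rule needs both claims; refuse tokens without them.
    if (! isset($claims->sub, $claims->iat)) {
        return null;
    }

    $cutoff = $revokedBefore[(string) $claims->sub] ?? 0;

    return $claims->iat < $cutoff ? null : $claims;
}

// Constructed sample keys and tokens.
$oldKey = 'constructed-sample-secret-A-0123456789abcdef';
$newKey = 'constructed-sample-secret-B-0123456789abcdef';
$now    = time();
$claims = ['iat' => $now - 600, 'exp' => $now + 3000];

$tokenUser1 = JWT::encode($claims + ['sub' => '1'], $oldKey, 'HS256');
$tokenUser2 = JWT::encode($claims + ['sub' => '2'], $oldKey, 'HS256');

// Invalidate every token issued to user 1 before now.
$revokedBefore = ['1' => $now];

// Case 1: user 1, issued before the cutoff.
var_dump(validateToken($tokenUser1, $oldKey, $revokedBefore) !== null);
// Case 2: user 2, no cutoff recorded.
var_dump(validateToken($tokenUser2, $oldKey, $revokedBefore) !== null);
// Case 3: same token after the signing key was changed.
var_dump(validateToken($tokenUser2, $newKey, $revokedBefore) !== null);
```

The per-user cutoff needs server-side state that is consulted on every request, whereas a key change needs no lookup but signs out every user at once.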

@datamweb Thank you for the detailed review!

kenjis avatar Apr 21 '23 09:04 kenjis

@MGatner Can you approve? Without your approval, I cannot merge this.

kenjis avatar Apr 21 '23 09:04 kenjis

Thank you all!

kenjis avatar Apr 21 '23 12:04 kenjis