Comments (23)
Yeah the $response object is currently unused. It's kept on the off chance that some custom authenticator might want to modify the response too when identity is cleared.
from authentication.
@ADmad Do you have a real world usage of such custom authenticator adaptors ? I think it is not necessary.
from authentication.
You could have an auth adapter that accepts a username/password and responds with a token as a header that should be used for further authenticated requests.
from authentication.
@josegonzalez so you mean multiple authentications happening. I have not come across it in my life. If you think it is really necessary I will close this.
Thank you for the help.
from authentication.
Thanks @harikt. Your interest and inputs for this plugin are really appreciated.
from authentication.
@harikt it's a pretty normal thing to support username/password => token exchange, though normally I see it with a dedicated endpoint.
from authentication.
> Thanks @harikt. Your interest and inputs for this plugin are really appreciated.

Sure. I am planning to dig more into this and play with zend-expressive or slim. One thing I noticed is a problem with the Router class and login url. Before I create yet another issue I want to play and see how things work :-) .
Another one I feel is dependency on orm can be moved
Line 14 in b319693
@josegonzalez sure, I have no / little experience with it.
Thank you guys.
from authentication.
> Before I create yet another issue I want to play and see how things work :-) .

Sure, do report back. Having an "outside" perspective is great.
from authentication.
Hi @ADmad,
I have played to configure with zend-expressive. It took me some time to understand this probably will only work with cakephp.
One of the problems I noticed is with the session:
I don't know if there is any interface for the session. It expects a read method. But I was using Aura.Session which doesn't have the same. So what I learned is, it is probably a bad idea to add all to the request attribute of psr-7. But make them explicit dependency. So it can be type hinted to interface.
I have not created a separate issue for I re-read the docs to understand this aims to cake only.
Commenting here for you were interested in the feedback.
Thank you
from authentication.
@harikt Yeah to start with we developed the plugin with CakePHP in mind but it would be really nice to be able to use it outside CakePHP too.
What solution do you propose regarding the session issue? Add an interface?
from authentication.
Also instead of the provided SessionAuthenticator you could always make your own authenticator class which uses Aura.Session.
from authentication.
> Also instead of the provided SessionAuthenticator you could always make your own authenticator class which uses Aura.Session.

@ADmad sure, it is also a nice alternative.
Aura does have an Auth component: it has a SessionInterface https://github.com/auraphp/Aura.Auth/tree/f83060d3004af3777f0fc2b6c6672174e6133f7d/src/Session . The SessionInterface and explicit dependencies help to understand more the underlying code.
I am not too familiar with cake may be the reason I could not make things work.
Thanks for your time.
from authentication.
@harikt The plugin does provide Authentication\Authenticator\PersistenceInterface so if you want to use your own session handling lib you would make your own authenticator which implements that. Sorry for the late response.
from authentication.
@ADmad thanks for the information. No issues for late reply :-) . Nothing critical, just experimenting ;-) .
from authentication.
The quick back and forth is more for our benefit than yours, so that we can keep moving ahead with the plugin development in a manner which will be useful to people 😛
from authentication.
> The quick back and forth is more for our benefit than yours, so that we can keep moving ahead with the plugin development in a manner which will be useful to people

I agree with you. I have projects that are thrown for the delays happened, and sometime when choosing certain libraries we always remember the pain.
from authentication.
@ADmad just a quick note : When the concept points to middleware https://github.com/cakephp/authentication/blob/24ba867f12717d1e4ec1f28860b6e2fd2216e09f/src/Middleware/AuthenticationMiddleware.php (it is old one as in expressive ) . I hope you guys are aware of the psr proposals https://github.com/http-interop/http-middleware and https://github.com/http-interop/http-factory which is already used https://github.com/zendframework/zend-stratigility/blob/ff2fa693bde0d5886c3f6fff0aec92e2a0d6bb17/composer.json#L26 . May be adding something like that will help ?
from authentication.
@harikt We had just finished implementing the 'double pass' style when the http-interop project started and decided to go for 'single pass'. We would need to add support for the 'single pass' middleware interfaces defined in the http-interop/http-middleware in a future version of CakePHP. I think we can do that in a backwards compatible way using type checking.
from authentication.
@markstory yes you are right I believe. Haven't looked more on stratigility, but it has implemented this. Don't know if there is BC breaks though.
from authentication.
Hi guys,
Sorry for asking again. I have been looking at the PersistenceInterface again .
```php
interface PersistenceInterface
{
    public function persistIdentity(ServerRequestInterface $request, $identity);
    public function clearIdentity(ServerRequestInterface $request, ResponseInterface $response);
}
```
I am having one more question : Are you guys thinking about using the $request / $response to read / write to the headers and make the session work?
I guess everyone is going to rely on $_SESSION (in one way or the other) itself for currently the session / cookie is not as easy as to create with psr-7. In that case we probably don't need the request and response object itself I guess.
Also it looks to me it may be a good idea not to rely too much on the withAttribute / getAttribute to store the outside objects. Proper dependencies may really help.
from authentication.
> I am having one more question : Are you guys thinking about using the $request / $response to read / write to the headers and make the session work?

Yes, or to set cookies/response headers for token/cookie auth.

> I guess everyone is going to rely on $_SESSION ( in one way or the other ) itself for currently the session / cookie is not as easy as to create with psr-7.

Right now we have a mutable object inside the request to access the session. I'm not a big fan of using $_SESSION directly as it has a few gotchas. Which is why we ended up on the session being a request attribute. It's not ideal, but it's better than $_SESSION.
from authentication.
> I'm not a big fan of using $_SESSION directly as it has a few gotchas.

You can actually use some class and wrap $_SESSION inside it. So you can also mock it.
My question was basically to understand what are the things going to be done with $request and $response which are going to be passed to the Persistence interface.
from authentication.
> You can actually use some class and wrap $_SESSION inside it. So you can also mock it.

That's basically what the Session object does in CakePHP. We currently have it attached to the request as an attribute. We didn't originally separate the session from the request as it was more consistent to accept request/response objects and leave each authenticator to use the request/response features as they need.
Having a formal dependency on a session object would require coupling to a cakephp specific interface, as I don't think there is an inter-operable interface for sessions.
from authentication.
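The session-wrapping approach discussed in the last few comments, as an added example that is not code from the plugin or from any commenter: a persistence class written against the two methods quoted in the thread, with the session passed in as an explicit, type-hinted dependency. `SessionStore`, `NativeSessionStore`, `SessionPersistence` and the `'Auth'` key are hypothetical names; the interface is redeclared locally from the quote rather than imported from the plugin; PHP 8 and `psr/http-message` are assumed, and regenerating the session ID on login and logout is this example's choice.

```php
<?php
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

// Local copy of the interface as quoted in the thread (assumption: not imported from the plugin).
interface PersistenceInterface
{
    public function persistIdentity(ServerRequestInterface $request, $identity);
    public function clearIdentity(ServerRequestInterface $request, ResponseInterface $response);
}

// Hypothetical session contract; the thread notes there is no interoperable one.
interface SessionStore
{
    public function write(string $key, $value): void;
    public function delete(string $key): void;
    public function regenerateId(): void;
}

// The only class that touches $_SESSION; tests can pass an in-memory SessionStore instead.
final class NativeSessionStore implements SessionStore
{
    public function write(string $key, $value): void { $this->start(); $_SESSION[$key] = $value; }
    public function delete(string $key): void { $this->start(); unset($_SESSION[$key]); }
    public function regenerateId(): void { $this->start(); session_regenerate_id(true); }
    private function start(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    }
}

final class SessionPersistence implements PersistenceInterface
{
    public function __construct(private SessionStore $session, private string $key = 'Auth') {}

    public function persistIdentity(ServerRequestInterface $request, $identity)
    {
        $this->session->regenerateId(); // fresh ID at login, so a pre-login ID cannot be reused
        $this->session->write($this->key, $identity);
    }

    // $request and $response are unused here, matching the remark at the top of the thread.
    public function clearIdentity(ServerRequestInterface $request, ResponseInterface $response)
    {
        $this->session->delete($this->key);
        $this->session->regenerateId(); // retire the authenticated session ID on logout
    }
}
```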