[Slim] Add ApiKey and OAuth authentication middleware #1207
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ybelenko
added
Breaking change (with fallback)
Enhancement: Feature
Server: PHP
WIP
|
#1092 related issue |
|
Major question to PHP committee, can I drop |
Sure but let's target 4.0.x branch, which will be released in Dec. |
|
That sounds good to me. 👍 |
ybelenko
force-pushed
the
slim_token_authentication
branch
2 times, most recently
from
ddeccdb to
5da2d83
Compare
ybelenko
force-pushed
the
slim_token_authentication
branch
from
5da2d83 to
e570200
Compare
This commit will be dropped, when official repo approves submitted PRs. Right now it's for test purposes only.
Considered to use dyorg/slim-token-authentication for all authentication schemes. User needs to decode and parse Basic token himself, but it's pretty simple task and there are many code examples in the web. Most of time solution is two lines of code.
I've changed PHP version to 7 and updated comments to follow main recommendations. Used PHPCodesniffer rules are Generic.Commenting, Squiz.Commenting, PEAR.Commenting. Of course I applied only reasonable sniffs from this standards. @category tag has been deleted as deprecated accordingly to phpDocumentor offical docs. Ref: http://docs.phpdoc.org/references/phpdoc/tags/category.html
ybelenko
force-pushed
the
slim_token_authentication
branch
from
e570200 to
58b7bd8
Compare
|
Ref to related PR in Slim Token Authentication repo: |
A-Joshi
pushed a commit
to ihsmarkitoss/openapi-generator
that referenced
this pull request
Feb 27, 2019
) * [Slim] Add fork of token middleware This commit will be dropped, when official repo approves submitted PRs. Right now it's for test purposes only. * [Slim] Adds token middleware to template * [Slim] Move auth implementation to external classes * [Slim] Update readme * [Slim] Add config example * [Slim] Remove deprecated package Considered to use dyorg/slim-token-authentication for all authentication schemes. User needs to decode and parse Basic token himself, but it's pretty simple task and there are many code examples in the web. Most of time solution is two lines of code. * [Slim] Format phpdoc comments I've changed PHP version to 7 and updated comments to follow main recommendations. Used PHPCodesniffer rules are Generic.Commenting, Squiz.Commenting, PEAR.Commenting. Of course I applied only reasonable sniffs from this standards. @category tag has been deleted as deprecated accordingly to phpDocumentor offical docs. Ref: http://docs.phpdoc.org/references/phpdoc/tags/category.html * [Slim] Refresh samples
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR checklist
./bin/to update Petstore sample so that CIs can verify the change. (For instance, only need to run./bin/{LANG}-petstore.shand./bin/security/{LANG}-petstore.shif updating the {LANG} (e.g. php, ruby, python, etc) code generator or {LANG} client's mustache templates). Windows batch files can be found in.\bin\windows\.master,3.4.x,4.0.x. Default:master.Description of the PR
First of all, that feature is authentication only. It contains token/apiKey parsing and it validation. It doesn't contain token signing and all tasks related to authorization yet.
I've checked all secured endpoints with fake petstore spec. It turns out that some server ignores http headers with underscores, so header
api_keydoesn't work, whileapi-key/apikeyworks.There are official list of Slim middlewares
Slim OAuth middleware looks like overkill to me, so I've ended up with my fork of Slim token authentication.
✔️ Maybe we should deprecate Slim Basic Authentication package and do all the job with Slim token authentication, to make implementation more consistent and reduce dependency list.
✔️ I've decided to move so called
authenticatorsinto external PHP classes. Three classesBasicAuthenticator,ApiKeyAuthenticatorandOAuthAuthenticatorshould extendAbstractAuthenticator. Don't know if it's breaking changes or not. Probably breaking changes with fallback.cc @jebentier @dkarlovi @mandrean @jfastnacht @ackintosh