Is there any estimate time of v3 support?

Hello Cnam! send the token in a cookie is very efficient in a normal website that wants to be stateless. Cookies are quite safe and once obtained are automatically sent to the server. I would like this feature is implemented.

        //Snippet in Silex\Component\Security\Http\Firewall::handle

        if ($this->options['header_name'] == "Cookie" && $this->options['cookie_name']) {
            $cookie = $request->cookies->get($this->options['cookie_name']);
            $requestToken = $this->getToken($cookie);
        }
        else {
            $requestToken = $this->getToken(
            $request->headers->get($this->options['header_name'], null)
            ); 
        }   

Thank You.

Hello,

I try to get the username on a secure route using:
$app['security.token_storage']->getToken()->getUsername()

and I get the following error:

PHP Notice:  Undefined property: Silex\Component\Security\Http\Token\JWTToken::$usernameClaim in C:\work\web\nova-backoffice\vendor\cnam\security-jwt-service-provider\src\Silex\Component\Security\Http\Token\JWTToken.php on line 60

Except for the secret_key and header_name, security.jwt configuration use the default settings.
The secure routes are defined like this:

    'secure' => array(
        'pattern' => '^.*$',
        'users' => $app['users'],
        'jwt' => array(
            'use_forward' => true,
            'require_previous_session' => false,
            'stateless' => true,
        )           
    ),

Version:

        "doctrine/dbal": "^2.5",
        "silex/silex": "~1.3",
        "symfony/security": "~2.7",
        "cnam/security-jwt-service-provider": "1.*"

Note that $token->setUsernameClaim($this->options['username_claim']); is properly called in JWTListener.php:65

Do you need more details, or there is something obvious I am doing wrong ?

It looks like the composer.json needs to be updated to support the current versions of pimple being pushed out:

• Installation request for cnam/security-jwt-service-provider ^2.1 -> satisfiable by cnam/security-jwt-service-provider[2.1.1]
• cnam/security-jwt-service-provider 2.1.1 requires pimple/pimple 3.0.* -> no matching package found.

I've created this issue on StackOverflow:

http://stackoverflow.com/questions/30419708/silex-get-authenticated-user-information-on-routes-outside-of-firewall

And so far the only resolution I have to it is the "hack" answer I provided.

Do you know of a better way to a solution, or is what I describe in my workaround the best possible?

in firebase/php-jwt < 2.0.0
See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

Hello !

I don't know if it's a problem of mine, but I'm unable to add this project in my composer. Due to a confusion with pimple:

$ composer require cnam/security-jwt-service-provider
Using version 0.0.6.* for cnam/security-jwt-service-provider
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Can only install one of: pimple/pimple[v3.0.0, v1.1.1].
    - Can only install one of: pimple/pimple[v3.0.0, v1.1.1].
    - cnam/security-jwt-service-provider 0.0.6 requires pimple/pimple 3.0.* -> satisfiable by pimple/pimple[v3.0.0].
    - Installation request for cnam/security-jwt-service-provider 0.0.6.* -> satisfiable by cnam/security-jwt-service-provider[0.0.6].
    - Installation request for pimple/pimple == 1.1.1.0 -> satisfiable by pimple/pimple[v1.1.1].


Installation failed, reverting ./composer.json to its original content.

My require in my composer.json contain only this atm:

"require": {
    "silex/silex": "~1.2",
    "doctrine/dbal": "~2.5",
    "monolog/monolog": "1.x",
    "firebase/php-jwt": "~1.0"
  }

If I have a defined firewall like this:

$app['security.firewalls'] = array(
    'login' => [
        'pattern' => 'auth',
        'anonymous' => true,
    ],
    'secured' => array(
        'pattern' => '^/api/',
        'logout' => array('logout_path' => '/v1/logout'),
        'security' => $app['debug'] ? false : true,
        'users' => $app['users'],
        'jwt' => array(
            'use_forward' => true,
            'require_previous_session' => false,
            'stateless' => true,
        )
    ),
);

and my API routes are like this:

/*
 * API Routes
 */
$api = $app['controllers_factory'];
$api->post('/auth', 'App\Controllers\API\AuthController::auth');
$api->get('/pages/{path}', 'App\Controllers\API\PageController::children')->assert('path', '.*');
[...]
$app->mount('/api/v1', $api);

How can I handle a logout call / route definition?

e.g. /api/v1/logout (destroy the user's session?)

Newest silex use symfony/security 2.7 you can check here : https://github.com/silexphp/Silex/blob/master/src/Silex/Provider/SecurityServiceProvider.php#L354

Hello,
I notice that you call $this->userChecker->checkPostAuth($user) in JWTProvider::authenticate
but checkPreAuth($user) is not called.
This make methods like AdvancedUserInterface::isEnabled() never being called.
Is it expected ? Or do I miss something ?

Hi! I'm testing right now the workflow using the Silex Firewall and it seems broken. In the JWTListener, the option token_prefix is missing, so headers like the recommended by JWT are not valid:

Authorization: Bearer <token>

It works well if I remove the Bearer string. Instead of decoding the string directly the lib should remove the token prefix from the Request Header first.

No exceptions thrown on json token fail check

https://gist.github.com/ahmetilhann/e593511dba3e72e10c4f21872c8dd638
I can create a token. But when I make a request with token I get this warning
Users attached to data base

{"message":"A Token was not found in the TokenStorage."}``

How to make the Success and Failure Handlers get called upon authentication success/failure.
I setup according to the example provided but the specified handlers have no effect ..

` $app['security.authentication.success_handler.secured'] = function () use ($app) {
return new Authentication\AuthenticationSuccessHandler($app['security.http_utils'], []);
};

    $app['security.authentication.failure_handler.secured'] = function () use ($app) {
        return new Authentication\AuthenticationFailureHandler($app['request'], $app['security.http_utils'], []);
    };`

I tried to use your provider but it doesn't seem to work. I can access every routes whereas I should be redirect to login route or raise an exception maybe.
Here is my code...

$app['security.jwt'] = array(
     'secret_key' => 'aze123&',
     'life_time'  => 86400, //life time token
     'options' => array(
         'header_name' => 'AUTH-HEADER-TOKEN' //header name for authorisation
     )
);
$app->register(new Silex\Provider\SecurityJWTServiceProvider());
$app['security.firewalls'] = array(
    'login' => array(
        'pattern' => 'login|register|oauth',
        'anonymous' => true,
    ),
    'secured' => array(
        'pattern' => '^.*$',
        'logout' => array('logout_path' => '/users/logout'),
        'users' => array(
            'admin' => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==')
        ),
        'jwt' => array(
            'use_forward' => true,
            'require_previous_session' => false,
            'stateless' => true
        )
    )
);

Anyway, thank you for this code I was searching for a looong time !!

Your example of JWT service provider did not works. 'A Token was not found in the TokenStorage.' error occurs.

Can you explain it?