Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BC support of Custom Claims #1222

Closed
wants to merge 2 commits into from
Closed

BC support of Custom Claims #1222

wants to merge 2 commits into from

Conversation

ElisDN
Copy link
Contributor

@ElisDN ElisDN commented May 3, 2021
edited
Loading

Easy backward compatible way for parsing custom claims for #1120, #1122 and #1183 in the next 8.x release.

How to use it

For example, if you want to add a role field into JWT, just add $role property into your token entity and override convertToJWT method from trait for adding role claim:

class AccessToken implements AccessTokenEntityInterface
{
    // ...

    private $userRole;

    public function setUserRole($role) { $this->userRole = $role }
    public function getUserRole() { return $this->userRole }

    private function convertToJWT()
    {
        return $this->jwtConfiguration->builder()
            // ...
            ->withClaim('role', $this->getUserRole())
            // ...
    }
}

After all fetch user role and fill the property in token repository:

class AccessTokenRepository implements AccessTokenRepositoryInterface
{
    // ...

    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
    {
        $accessToken = new AccessTokenEntity();
        // ...

        if ($userIdentifier !== null) {
            $accessToken->setUserIdentifier($userIdentifier);

            $row = $this->db->query('SELECT role FROM users WHERE id = :id', ['id' => $userIdentifier]);
            $accessToken->setUserRole($row['role']);
        }

        return $accessToken;
    }

    // ...
}

And now you can retreive $request->getAttribute('oauth_custom_claims') with value like ['role' => 'admin'].

@Sephster
Copy link
Member

Thanks @ElisDN - this is a simple solution but does require overriding of existing functions. I think ideally, long term, I'd like something more deliberately baked into the package. There are a few other potential PRs which go further than this one so for that reason, I won't be proceeding with this at present.

Thank you for your efforts though and apologies I won't be merging this in at this time.

@Sephster Sephster closed this May 15, 2021
@systemsolutionweb
Copy link

@Sephster neither this nor the other

@vrusua
Copy link

vrusua commented Apr 22, 2023

@Sephster is there any PR finally considered to add custom claims support? It's so useful for SPA and actually discussing here for a couple of years. Thanks.

@Sephster
Copy link
Member

Definitely want to add this so not off the radar

@PaolaRuby PaolaRuby mentioned this pull request May 15, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ElisDN @Sephster @systemsolutionweb @vrusua