A new IdentityInterface for authentication #39
Conversation
|
@ezimuel Is there still work to do on this patch? |
|
sorry for the super late response - LGTM 👍 |
@weierophinney this PR is ready, of course we need to implement a new |
There was a problem hiding this comment.
@ezimuel please see my comment, I think this PR contains BC break.
| * or null if not authenticated | ||
| */ | ||
| public function authenticate(ServerRequestInterface $request) : ?UserInterface; | ||
| public function authenticate(ServerRequestInterface $request) : ?IdentityInterface; |
There was a problem hiding this comment.
This is BC Break, imho.
Anyone who has implement that interface need update code to change the RTH in implementation of that method.
There was a problem hiding this comment.
Thechnically speaking yes, but you need to change only the return type of AuthentictionInterface::authenticate() to IdentityInterface. Your existing code that returns a UserInterface object will remain as is.
This code shows that is possible:
declare(strict_types=1);
interface IdentityInterface {
public function getIdentity(): string;
}
interface UserInterface extends IdentityInterface {
public function getRoles() : iterable;
}
interface ClientInterface extends IdentityInterface {
public function getScopes() : iterable;
}
interface AuthenticationInterface
{
public function authenticate(string $param): ?IdentityInterface;
}
class Auth implements AuthenticationInterface
{
public function authenticate(string $param): ?IdentityInterface {
return new class implements UserInterface {
public function getIdentity(): string {
return 'identity';
}
public function getRoles() : iterable {
return [];
}
};
}
}
$a = new Auth(); // no error hereI think this can be an acceptable (small) BC breaks and we can document it in the release note.
There was a problem hiding this comment.
Technically speaking yes, but you need to change only the return type
It is not my decision, but in my opinion we shouldn't release it in minor release. If someone was using it as it was it's going to stop working after running composer update.
For me the question is simply: do we really follow semver or not?
There was a problem hiding this comment.
I think this can be an acceptable (small) BC breaks
"small" or "big" doesn't matter.
For me the question is simply: do we really follow semver or not?
We follow the semantic versioning!
There was a problem hiding this comment.
…we can document it in the release note.
The goal should be: It must work without a user having to read the release notes or documentation. (mini and minor version!)
There was a problem hiding this comment.
@froschdesign thanks for explain me how it works the versioning!!!
There was a problem hiding this comment.
@weierophinney it's up to you, for me we can release it in a minor/major, no matter. I was just trying to improve the existing code with minimum (one line change code) impact (btw, only if a user has implemented a specific interface). @webimpress and @froschdesign we don't leave in a perfect world.
There was a problem hiding this comment.
@froschdesign and @webimpress I removed the "without BC break" in the title and added BC break label.
There was a problem hiding this comment.
thanks for explain me how it works the versioning!!!
I'm sorry, this is and was not my intention. I have only seen the outcry from users which run an update via Composer and did not read the release notes.
Sorry for the misunderstanding!
There was a problem hiding this comment.
@froschdesign it's ok. I would have to wait 10 minutes before answering (busy day). I see your point here and I actually agree, this is a BC break (even if it's a really small one).
|
I've got this and the related one for oauth2 on my todo list - not sure if I'll have time to evaluate them this week, or if it will be early next. I'll drop a note with what route I go (new minor or new major) when I do. |
|
This repository has been closed and moved to mezzio/mezzio-authentication; a new issue has been opened at mezzio/mezzio-authentication#2. |
|
This repository has been moved to mezzio/mezzio-authentication. If you feel that this patch is still relevant, please re-open against that repository, and reference this issue. To re-open, we suggest the following workflow:
|
This PR is a work in progress to solve the issue about OAuth2 client authentication reported in zendframework/zend-expressive-authentication-oauth2#55. The idea is to use a general
IdentityInterfaceas follows:And a specific
UserInterfacethat extends theIdentityInterface, as follows:Regarding the
AuthenticationMiddleware, this PR generates aUserInterfacePSR-7 attribute ifauthenticate($request)returns an instance ofUserInterface. Otherwise, it will returns aIdentityInterfaceattribute.These changes should prevent BC breaks for existing implementations using
zend-expressive-authenticationand offers a new solution tozend-expressive-authentication-oauth2for implementing aClientInterface(extendingIdentityInterface).