Add ability to set encryption keys from config #683


Merged
taylorotwell merged 5 commits into laravel:master from reinink:master
Apr 9, 2018

@reinink (Contributor) commented Apr 4, 2018

Currently the only way to set encryption keys in Passport is with local files (/storage/oauth-private.key and /storage/oauth-public.key). However, this can be problematic in multi-server setups, where the same keys must be shared across multiple systems. In those situations, it's better to use environment variables. This PR adds the ability to do that.

The PHP League's OAuth 2.0 Server library supports passing either a file path or text version of the key to their CryptKey class. It does this by doing a regular expression to check if the string provided matches a RSA key pattern. If yes, it automatically saves the key to a temporary file, otherwise it treats the string as a file path. Unfortunately there was a bug with this regular expression in version 6 of the League's library, which is why this also includes an upgrade to version 7.

One gnarly thing here is dealing with line returns in the environment variables. Many services allow line returns (i.e. Heroku), but the vlucas/phpdotenv library does not. To support this functionality locally, this PR automatically converts all \n instances to proper line returns. Here is how you would define this in the .env file:

    PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAKCAgEAw3KPag...\n-----END RSA PRIVATE KEY-----"
    PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOC...\n-----END PUBLIC KEY-----\n"

@taylorotwell (Member)

Can you summarize the breaking changes? Is it just the default null value change?

@reinink (Contributor, Author)

Yes, that is correct, just the signature change on Bridge/ClientRepository@getClientEntity, which was required when I updated to v7 of the League's library.

If you're going to publish this as a breaking release, you may also consider changing PassportServiceProvider@CryptKey to a public method to avoid some of the hackery required in the tests.

@JuanDMeGon (Contributor)

Hello,
Is it not equivalent to having the key files on every system?
I mean, at the end you will repeat the keys in the .env file of every system as well.
Or maybe am I misunderstanding something?

@reinink (Contributor, Author)

@JuanDMeGon Many cloud based hosting services, like Heroku, provide a web based interface where you can set up environment variables. Those variables are then available automatically on all instances (servers). No need to use the .env file at all.


@Sephster (Contributor)

When moving from v6 to v7, there were two main changes:

  • support for PHP 5.6 dropped
  • update the getClientEntity() function to allow null values for the $grantType so you can get a client without having to specify a grant.

I've updated the upgrade guide to reflect this. Most other changes are listed in the changelog.


@reinink (Contributor, Author)

@Sephster Awesome! Thanks for jumping in on this discussion. 👍


@taylorotwell merged commit bb211a9 into laravel:master on Apr 9, 2018
@joelharkes

I have tried this in v6.0.6 but why doesn't it work?

I have tried even copying the passport.php config in my laravel project?

Or is this for a v7?

@joelharkes

Never mind, found that in the dotEnv file I need to escape the backslash (contrary to .yml files for docker compose).

After escaping \n => \\n it works.

@warren32

Anybody having issues after updating vlucas/phpdotenv to 2.5.* will need to escape the backslash when defining the keys in the .env. Here is the updated example of what your keys would look like:

    PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\\nMIIJJwIBAAKCAgEAw3KPag...\\n-----END RSA PRIVATE KEY-----"
    PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\\nMIICIjANBgkqhkiG9w0BAQEFAAOC...\\n-----END PUBLIC KEY-----\\n"

@joelharkes

You know there should just be a default public and private key configured. way handier for first time laravel users.

maybe just add warning or fail when the app env is not local or when it is production.

but i'm probably not the first to offer this idea?

@pqt commented Jan 22, 2019

Just wanted to chime in @reinink, thank you for this. I love this contribution and it has been a life saver more times than I can count now. ❤️


@samuthojo

@reinink I have added the keys in Config Vars on heroku. But then how to tell laravel to load the keys from env instead of looking them up from the file system.

@taylorotwell (Member)

Export the configuration using vendor:publish and make sure your env vars match the vars in the configuration file.


@J5Dev commented Feb 12, 2019

Maybe a stupid question, but I am fine with publishing the config file and then having the keys set as env vars, however, at which point should the keys be generated, and where?

Example, we have an app that can be deployed per client, so each deployment will need its own keys (Password grant). We can have the config file in our source control, but do we need to just run the install command locally to get keys each time we want a new set (for a new client).

or... can this be somehow incorporated into our deployment scripts.

(We are running the app as a stateless instance, with no file storage at all)

@driesvints (Member)

@J5Dev it's best that you ask this on a support channel:

My suggestion would be to do it in your first deploy manually or if you have a dynamic deploy incorporate it by adding an if check around the bash script (if you're using that) that checks if the files exist already.

@joelharkes

@J5Dev you should generate them once for a single environment. If you change keys, then after the update you won't be able to decrypt the encrypted cookies and access tokens anymore, so everybody will be logged out.

@lkmadushan

I’m getting this error when I’m configuring Passport encryption keys from .env:

    It was not possible to parse your key, reason: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode

does anyone have any idea about it?

@lkmadushan commented Mar 24, 2019

    PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n∂MIIJKQIBAAKCAgEA5pgwnp9gEr5l8JWs8kHzTzpb9RT6/+U3X043EtTIVDG+gbtH∂YbroP65LpVDGFuerj9KreDcKdG7DZ7ngds3doXabWi0+sd+prCb/wtmtSE+ePW1x∂...\n-----END RSA PRIVATE KEY-----"
    PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\...\n-----END PUBLIC KEY-----\n"
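
An added example, not code from this pull request or from Passport: a PHP check for the single-line key format described in the PR description and for the kind of parse failure reported in the comments above. It decodes the value as the description says (literal \n becomes a line return) and asks OpenSSL to parse the result. The helper names `pemFromEnv()` and `privateKeyProblem()` and the throwaway key are assumptions made for the illustration.

```php
<?php
// Added illustration; pemFromEnv() and privateKeyProblem() are hypothetical helpers.

// Decode the single-line env form: each literal backslash-n becomes a line feed.
function pemFromEnv(string $value): string
{
    return str_replace('\\n', "\n", $value);
}

// Returns null when OpenSSL accepts the private key, otherwise the reason it did not.
function privateKeyProblem(string $envValue): ?string
{
    $pem = pemFromEnv($envValue);
    if (strpos($pem, "\n") === false) {
        return 'no line breaks after decoding; the \n markers were lost or altered';
    }
    if (strpos($pem, "\\\n") !== false) {
        return 'backslash left before a line break; the value was escaped twice';
    }
    while (openssl_error_string() !== false) {
        // Drain stale entries so the message below belongs to this key.
    }
    if (openssl_pkey_get_private($pem) === false) {
        return openssl_error_string() ?: 'OpenSSL could not parse the key';
    }
    return null;
}

// Constructed sample input: a throwaway key generated here, never a real one.
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($res, $pem);
$good = str_replace("\n", '\n', trim($pem));   // form stored in the env var

$pos = strpos($good, '\n');                    // first literal \n, right after the header
$samples = [
    'well-formed'        => $good,
    'stray byte in body' => substr_replace($good, '\n∂', $pos, 2),
    'escaped twice'      => str_replace('\n', '\\\\n', $good),
    'markers stripped'   => str_replace('\n', '', $good),
];

foreach ($samples as $label => $value) {
    $problem = privateKeyProblem($value);
    printf("%-20s %s\n", $label, $problem === null ? 'OK' : 'REJECTED: ' . $problem);
}
```

Running a check like this at deploy time, against the value the application actually receives, surfaces a malformed key before the first token request does.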

@YassineChe

Hello, can anyone help

Trying to generate tokens via Laravel 8 Passport by sending an Http Request to the endpoint, (using laravel valet to deploy apps)

https://project.test/oauth/token

my composer :

    "php": "^7.3|^8.0",
    "fideloper/proxy": "^4.4",
    "fruitcake/laravel-cors": "^2.0",
    "guzzlehttp/guzzle": "^7.0.1",
    "laravel/framework": "^8.12",
    "laravel/jetstream": "^1.6",
    "laravel/passport": "^10.1",
    "laravel/sanctum": "^2.6",
    "laravel/socialite": "^5.1",
    "laravel/tinker": "^2.5",
    "livewire/livewire": "^2.0"

I get this exception: It was not possible to parse your key, without specifying the reason why, I tried to google it i found nothing, stick with this for days.

    {
        "message": "It was not possible to parse your key, reason: ",
        "exception": "Lcobucci\\JWT\\Signer\\InvalidKeyProvided",
        "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Signer/InvalidKeyProvided.php",
        "line": 17,
        "trace": [
            {
                "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Signer/OpenSSL.php",
                "line": 85,
                "function": "cannotBeParsed",
                "class": "Lcobucci\\JWT\\Signer\\InvalidKeyProvided",
                "type": "::"
            },
            {
                "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Signer/OpenSSL.php",
                "line": 42,
                "function": "validateKey",
                "class": "Lcobucci\\JWT\\Signer\\OpenSSL",
                "type": "->"
            },
            {
                "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Signer/OpenSSL.php",
                "line": 18,
                "function": "getPrivateKey",
                "class": "Lcobucci\\JWT\\Signer\\OpenSSL",
                "type": "->"
            },
            {
                "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Signer/BaseSigner.php",
                "line": 38,
                "function": "createHash",
                "class": "Lcobucci\\JWT\\Signer\\OpenSSL",
                "type": "->"
            },
            {
                "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Builder.php",
                "line": 568,
                "function": "sign",
                "class": "Lcobucci\\JWT\\Signer\\BaseSigner",
                "type": "->"
            },
            {
                "file": "/Users/yassine/Desktop/apps/project/vendor/lcobucci/jwt/src/Builder.php",
                "line": 529,
                "function": "createSignature",
                "class": "Lcobucci\\JWT\\Builder",
                "type": "->"
            },

@erikverheij

@YassineChe; I've experienced a similar error a while ago when I tried to run my Laravel in PHP 8. Switching back to 7.x fixed it for me for the moment.


@driesvints (Member)

@YassineChe please make sure you're running the very latest versions of Passport, lcobucci/jwt and OAuth2 Server. If that doesn't help please open an issue.

@joelharkes

I have been experiencing some issues with lcobucci/jwt as well. Reverting back to "lcobucci/jwt": "3.3.3", does the trick.


@driesvints (Member)

Which issues? All should be resolved in the latest versions.
