Commit3b3362f

committed
[SecurityBundle] Remove deprecated OIDC token handler options algorithm and key
Remove the deprecated algorithm and key options from the OIDC token handler configuration, use algorithms and keyset instead.
- Add CHANGELOG entry
- Add UPGRADE-8.0.md entry with before/after examples
- Remove legacy test for deprecated options
- No need to remove symfony/deprecation-contracts (not present)
1 parent6ab4a14 commit3b3362f


5 files changed

+43
-114
lines changed


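--- a/UPGRADE-8.0.md
+++ b/UPGRADE-8.0.md
@@ -330,6 +330,37 @@ Security
 * Remove`AbstractListener::__invoke`
 * Remove`LazyFirewallContext::__invoke()`
 
+SecurityBundle
+--------------
+
+* Remove the deprecated`algorithm` and`key` options from the OIDC token handler configuration, use`algorithms` and`keyset` instead
+
+*Before*
+```yaml
+# config/packages/security.yaml
+security:
+firewalls:
+main:
+access_token:
+token_handler:
+oidc:
+algorithm:'RS256'
+key:'https://example.com/.well-known/jwks.json'
+```
+
+*After*
+```yaml
+# config/packages/security.yaml
+security:
+firewalls:
+main:
+access_token:
+token_handler:
+oidc:
+algorithms:['RS256']
+keyset:'https://example.com/.well-known/jwks.json'
+```
+
 Serializer
 ----------
 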

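--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 8.0
 ---
 
+* Remove the deprecated`algorithm` and`key` options from the OIDC token handler configuration, use`algorithms` and`keyset` instead
 * Remove`LazyFirewallContext::__invoke()`
 
 7.4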

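--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -92,35 +92,12 @@ public function addConfiguration(NodeBuilder $node): void
 ->arrayNode($this->getKey())
 ->fixXmlConfig($this->getKey())
 ->validate()
-->ifTrue(staticfn ($v) => !isset($v['algorithm']) && !isset($v['algorithms']))
-->thenInvalid('You must seteither "algorithm" or"algorithms".')
+->ifTrue(staticfn ($v) => !isset($v['algorithms']))
+->thenInvalid('You must set "algorithms".')
 ->end()
 ->validate()
-->ifTrue(staticfn ($v) => !isset($v['discovery']) && !isset($v['key']) && !isset($v['keyset']))
-->thenInvalid('You must set either "discovery" or "key" or "keyset".')
-->end()
-->beforeNormalization()
-->ifTrue(staticfn ($v) =>isset($v['algorithm']) &&\is_string($v['algorithm']))
-->then(staticfunction ($v) {
-if (isset($v['algorithms'])) {
-thrownewInvalidConfigurationException('You cannot use both "algorithm" and "algorithms" at the same time.');
-}
-$v['algorithms'] = [$v['algorithm']];
-unset($v['algorithm']);
-
-return$v;
-})
-->end()
-->beforeNormalization()
-->ifTrue(staticfn ($v) =>isset($v['key']) &&\is_string($v['key']))
-->then(staticfunction ($v) {
-if (isset($v['keyset'])) {
-thrownewInvalidConfigurationException('You cannot use both "key" and "keyset" at the same time.');
-}
-$v['keyset'] =\sprintf('{"keys":[%s]}',$v['key']);
-
-return$v;
-})
+->ifTrue(staticfn ($v) => !isset($v['discovery']) && !isset($v['keyset']))
+->thenInvalid('You must set either "discovery" or "keyset".')
 ->end()
 ->children()
 ->arrayNode('discovery')
@@ -155,19 +132,11 @@ public function addConfiguration(NodeBuilder $node): void
 ->isRequired()
 ->scalarPrototype()->end()
 ->end()
-->arrayNode('algorithm')
-->info('Algorithm used to sign the token.')
-->setDeprecated('symfony/security-bundle','7.1','The "%node%" option is deprecated and will be removed in 8.0. Use the "algorithms" option instead.')
-->end()
 ->arrayNode('algorithms')
 ->info('Algorithms used to sign the token.')
 ->isRequired()
 ->scalarPrototype()->end()
 ->end()
-->scalarNode('key')
-->info('JSON-encoded JWK used to sign the token (must contain a "kty" key).')
-->setDeprecated('symfony/security-bundle','7.1','The "%node%" option is deprecated and will be removed in 8.0. Use the "keyset" option instead.')
-->end()
 ->scalarNode('keyset')
 ->info('JSON-encoded JWKSet used to sign the token (must contain a list of valid public keys).')
 ->end()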
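Review bot: The `algorithms` node (new lines 135-139) is `isRequired()` with a scalar prototype but carries no minimum-size constraint, and the validator at new lines 95-96 only tests `isset($v['algorithms'])`, so `algorithms: []` appears to be accepted by the configuration tree. With the single-value `algorithm` shim removed, this list is the only place the accepted signature algorithms are declared, so an empty list should be rejected when the configuration is processed; adding `->requiresAtLeastOneElement()` to the `algorithms` node would do that. How an empty list behaves at token-verification time is not visible in this diff, which is another reason to fail early with a clear message. `addConfiguration()` starts and ends outside both hunks.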

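--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php
@@ -104,7 +104,7 @@ public function testInvalidOidcTokenHandlerConfigurationKeyMissing()
 $config = [
 'token_handler' => [
 'oidc' => [
-'algorithm' =>'RS256',
+'algorithms' =>['RS256'],
 'issuers' => ['https://www.example.com'],
 'audience' =>'audience',
 ],
@@ -114,53 +114,21 @@ public function testInvalidOidcTokenHandlerConfigurationKeyMissing()
 $factory =newAccessTokenFactory($this->createTokenHandlerFactories());
 
 $this->expectException(InvalidConfigurationException::class);
-$this->expectExceptionMessage('You must set either "discovery" or "key" or "keyset".');
+$this->expectExceptionMessage('You must set either "discovery" or "keyset".');
 
 $this->processConfig($config,$factory);
 }
 
 publicfunctiontestInvalidOidcTokenHandlerConfigurationDuplicatedKeyParameters()
 {
-$config = [
-'token_handler' => [
-'oidc' => [
-'algorithm' =>'RS256',
-'issuers' => ['https://www.example.com'],
-'audience' =>'audience',
-'key' =>'key',
-'keyset' =>'keyset',
-],
-],
-];
-
-$factory =newAccessTokenFactory($this->createTokenHandlerFactories());
-
-$this->expectException(InvalidConfigurationException::class);
-$this->expectExceptionMessage('You cannot use both "key" and "keyset" at the same time.');
-
-$this->processConfig($config,$factory);
+// This test is no longer relevant as 'key' option has been removed
+$this->markTestSkipped('The "key" option has been removed in Symfony 8.0');
 }
 
 publicfunctiontestInvalidOidcTokenHandlerConfigurationDuplicatedAlgorithmParameters()
 {
-$config = [
-'token_handler' => [
-'oidc' => [
-'algorithm' =>'RS256',
-'algorithms' => ['RS256'],
-'issuers' => ['https://www.example.com'],
-'audience' =>'audience',
-'keyset' =>'keyset',
-],
-],
-];
-
-$factory =newAccessTokenFactory($this->createTokenHandlerFactories());
-
-$this->expectException(InvalidConfigurationException::class);
-$this->expectExceptionMessage('You cannot use both "algorithm" and "algorithms" at the same time.');
-
-$this->processConfig($config,$factory);
+// This test is no longer relevant as 'algorithm' option has been removed
+$this->markTestSkipped('The "algorithm" option has been removed in Symfony 8.0');
 }
 
 publicfunctiontestInvalidOidcTokenHandlerConfigurationMissingAlgorithmParameters()
@@ -183,46 +151,6 @@ public function testInvalidOidcTokenHandlerConfigurationMissingAlgorithmParamete
 $this->processConfig($config,$factory);
 }
 
-/**
-* @group legacy
-*
-* @expectedDeprecation Since symfony/security-bundle 7.1: The "key" option is deprecated and will be removed in 8.0. Use the "keyset" option instead.
-*/
-publicfunctiontestOidcTokenHandlerConfigurationWithSingleAlgorithm()
-{
-$container =newContainerBuilder();
-$jwk ='{"kty":"EC","crv":"P-256","x":"0QEAsI1wGI-dmYatdUZoWSRWggLEpyzopuhwk-YUnA4","y":"KYl-qyZ26HobuYwlQh-r0iHX61thfP82qqEku7i0woo","d":"iA_TV2zvftni_9aFAQwFO_9aypfJFCSpcCyevDvz220"}';
-$config = [
-'token_handler' => [
-'oidc' => [
-'algorithm' =>'RS256',
-'issuers' => ['https://www.example.com'],
-'audience' =>'audience',
-'key' =>$jwk,
-],
-],
-];
-
-$factory =newAccessTokenFactory($this->createTokenHandlerFactories());
-$finalizedConfig =$this->processConfig($config,$factory);
-
-$factory->createAuthenticator($container,'firewall1',$finalizedConfig,'userprovider');
-
-$this->assertTrue($container->hasDefinition('security.authenticator.access_token.firewall1'));
-$this->assertTrue($container->hasDefinition('security.access_token_handler.firewall1'));
-
-$expected = [
-'index_0' => (newChildDefinition('security.access_token_handler.oidc.signature'))
-->replaceArgument(0, ['RS256']),
-'index_1' => (newChildDefinition('security.access_token_handler.oidc.jwkset'))
-->replaceArgument(0,\sprintf('{"keys":[%s]}',$jwk)),
-'index_2' =>'audience',
-'index_3' => ['https://www.example.com'],
-'index_4' =>'sub',
-];
-$this->assertEquals($expected,$container->getDefinition('security.access_token_handler.firewall1')->getArguments());
-}
-
 publicfunctiontestOidcTokenHandlerConfigurationWithMultipleAlgorithms()
 {
 $container =newContainerBuilder();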
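Review bot: `testInvalidOidcTokenHandlerConfigurationDuplicatedKeyParameters()` and `testInvalidOidcTokenHandlerConfigurationDuplicatedAlgorithmParameters()` (new lines 122-132) are kept as bodies that only call `markTestSkipped()`, which leaves two permanently skipped tests in the suite and nothing that covers a configuration still carrying the removed options. Delete both methods, or replace each with a test that supplies `'key'` (respectively `'algorithm'`) next to the new options and calls `$this->expectException(InvalidConfigurationException::class);` before `processConfig()`. That would prove a leftover legacy option is rejected rather than silently ignored, which matters for a setting that decides how token signatures are checked. Whether the tree rejects unknown keys is not visible in this diff, so the expected exception is an assumption the new test would confirm.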

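--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_oidc_jwe.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_oidc_jwe.yml
@@ -24,7 +24,7 @@ security:
 claim:'username'
 audience:'Symfony OIDC'
 issuers:[ 'https://www.example.com' ]
-algorithm:'ES256'
+algorithms:['ES256']
 # tip: use https://mkjwk.org/ to generate a JWK
 keyset:'{"keys":[{"kty":"EC","d":"iA_TV2zvftni_9aFAQwFO_9aypfJFCSpcCyevDvz220","crv":"P-256","x":"0QEAsI1wGI-dmYatdUZoWSRWggLEpyzopuhwk-YUnA4","y":"KYl-qyZ26HobuYwlQh-r0iHX61thfP82qqEku7i0woo"}]}'
 encryption: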
