Commitd4eb6c2

OskarStarkclaude
authored andcommitted
[SecurityBundle] Remove deprecated OIDC token handler options algorithm and key
Remove the deprecated algorithm and key options from the OIDC token handler configuration, use algorithms and keyset instead.

- Add CHANGELOG entry
- Add UPGRADE-8.0.md entry with before/after examples
- Remove legacy test for deprecated options
- No need to remove symfony/deprecation-contracts (not present)
1 parent6ab4a14 commitd4eb6c2


4 files changed

+36
-75
lines changed


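--- a/UPGRADE-8.0.md
+++ b/UPGRADE-8.0.md
@@ -330,6 +330,37 @@ Security
 * Remove`AbstractListener::__invoke`
 * Remove`LazyFirewallContext::__invoke()`
 
+SecurityBundle
+--------------
+
+* Remove the deprecated`algorithm` and`key` options from the OIDC token handler configuration, use`algorithms` and`keyset` instead
+
+*Before*
+```yaml
+# config/packages/security.yaml
+security:
+firewalls:
+main:
+access_token:
+token_handler:
+oidc:
+algorithm:'RS256'
+key:'https://example.com/.well-known/jwks.json'
+```
+
+*After*
+```yaml
+# config/packages/security.yaml
+security:
+firewalls:
+main:
+access_token:
+token_handler:
+oidc:
+algorithms:['RS256']
+keyset:'https://example.com/.well-known/jwks.json'
+```
+
 Serializer
 ----------
 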
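--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 8.0
 ---
 
+* Remove the deprecated`algorithm` and`key` options from the OIDC token handler configuration, use`algorithms` and`keyset` instead
 * Remove`LazyFirewallContext::__invoke()`
 
 7.4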

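--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -92,35 +92,12 @@ public function addConfiguration(NodeBuilder $node): void
 ->arrayNode($this->getKey())
 ->fixXmlConfig($this->getKey())
 ->validate()
-->ifTrue(staticfn ($v) => !isset($v['algorithm']) && !isset($v['algorithms']))
-->thenInvalid('You must seteither "algorithm" or"algorithms".')
+->ifTrue(staticfn ($v) => !isset($v['algorithms']))
+->thenInvalid('You must set "algorithms".')
 ->end()
 ->validate()
-->ifTrue(staticfn ($v) => !isset($v['discovery']) && !isset($v['key']) && !isset($v['keyset']))
-->thenInvalid('You must set either "discovery" or "key" or "keyset".')
-->end()
-->beforeNormalization()
-->ifTrue(staticfn ($v) =>isset($v['algorithm']) &&\is_string($v['algorithm']))
-->then(staticfunction ($v) {
-if (isset($v['algorithms'])) {
-thrownewInvalidConfigurationException('You cannot use both "algorithm" and "algorithms" at the same time.');
-}
-$v['algorithms'] = [$v['algorithm']];
-unset($v['algorithm']);
-
-return$v;
-})
-->end()
-->beforeNormalization()
-->ifTrue(staticfn ($v) =>isset($v['key']) &&\is_string($v['key']))
-->then(staticfunction ($v) {
-if (isset($v['keyset'])) {
-thrownewInvalidConfigurationException('You cannot use both "key" and "keyset" at the same time.');
-}
-$v['keyset'] =\sprintf('{"keys":[%s]}',$v['key']);
-
-return$v;
-})
+->ifTrue(staticfn ($v) => !isset($v['discovery']) && !isset($v['keyset']))
+->thenInvalid('You must set either "discovery" or "keyset".')
 ->end()
 ->children()
 ->arrayNode('discovery')
@@ -155,19 +132,11 @@ public function addConfiguration(NodeBuilder $node): void
 ->isRequired()
 ->scalarPrototype()->end()
 ->end()
-->arrayNode('algorithm')
-->info('Algorithm used to sign the token.')
-->setDeprecated('symfony/security-bundle','7.1','The "%node%" option is deprecated and will be removed in 8.0. Use the "algorithms" option instead.')
-->end()
 ->arrayNode('algorithms')
 ->info('Algorithms used to sign the token.')
 ->isRequired()
 ->scalarPrototype()->end()
 ->end()
-->scalarNode('key')
-->info('JSON-encoded JWK used to sign the token (must contain a "kty" key).')
-->setDeprecated('symfony/security-bundle','7.1','The "%node%" option is deprecated and will be removed in 8.0. Use the "keyset" option instead.')
-->end()
 ->scalarNode('keyset')
 ->info('JSON-encoded JWKSet used to sign the token (must contain a list of valid public keys).')
 ->end()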
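Review bot: The `algorithms` check in the first hunk, `!isset($v['algorithms'])`, only rejects a missing key, so an empty list still passes validation now that `algorithms` is the only allow-list of accepted signature algorithms. The `algorithms` node in the second hunk has `->isRequired()` and `->scalarPrototype()` but nothing visible that enforces at least one entry. Adding `->requiresAtLeastOneElement()` there, or testing `empty($v['algorithms'])` in the closure, would surface the misconfiguration at container build time rather than at token verification. Separately, the `keyset` info text says the JWKSet is "used to sign the token" although it lists public keys; `'JSON-encoded JWKSet used to verify the token signature (must contain a list of valid public keys).'` would be more accurate. `addConfiguration()` begins and ends outside both hunks, so builder calls not shown here may already cover part of this.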

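--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php
@@ -183,46 +183,6 @@ public function testInvalidOidcTokenHandlerConfigurationMissingAlgorithmParamete
 $this->processConfig($config,$factory);
 }
 
-/**
-* @group legacy
-*
-* @expectedDeprecation Since symfony/security-bundle 7.1: The "key" option is deprecated and will be removed in 8.0. Use the "keyset" option instead.
-*/
-publicfunctiontestOidcTokenHandlerConfigurationWithSingleAlgorithm()
-{
-$container =newContainerBuilder();
-$jwk ='{"kty":"EC","crv":"P-256","x":"0QEAsI1wGI-dmYatdUZoWSRWggLEpyzopuhwk-YUnA4","y":"KYl-qyZ26HobuYwlQh-r0iHX61thfP82qqEku7i0woo","d":"iA_TV2zvftni_9aFAQwFO_9aypfJFCSpcCyevDvz220"}';
-$config = [
-'token_handler' => [
-'oidc' => [
-'algorithm' =>'RS256',
-'issuers' => ['https://www.example.com'],
-'audience' =>'audience',
-'key' =>$jwk,
-],
-],
-];
-
-$factory =newAccessTokenFactory($this->createTokenHandlerFactories());
-$finalizedConfig =$this->processConfig($config,$factory);
-
-$factory->createAuthenticator($container,'firewall1',$finalizedConfig,'userprovider');
-
-$this->assertTrue($container->hasDefinition('security.authenticator.access_token.firewall1'));
-$this->assertTrue($container->hasDefinition('security.access_token_handler.firewall1'));
-
-$expected = [
-'index_0' => (newChildDefinition('security.access_token_handler.oidc.signature'))
-->replaceArgument(0, ['RS256']),
-'index_1' => (newChildDefinition('security.access_token_handler.oidc.jwkset'))
-->replaceArgument(0,\sprintf('{"keys":[%s]}',$jwk)),
-'index_2' =>'audience',
-'index_3' => ['https://www.example.com'],
-'index_4' =>'sub',
-];
-$this->assertEquals($expected,$container->getDefinition('security.access_token_handler.firewall1')->getArguments());
-}
-
 publicfunctiontestOidcTokenHandlerConfigurationWithMultipleAlgorithms()
 {
 $container =newContainerBuilder();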
