-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: HMAC SHA256 Authentication #795
Conversation
Thank you for sending this PR! You must GPG-sign your work, certifying that you either wrote the work or otherwise have the right to pass it on to an open-source project. |
And we don't use |
@kenjis My apologies, I thought I had that setup correctly. Since I obviously didn't, how do I retroactively sign what I have submitted? |
@kenjis I have rebased and signed my code. I appreciate your assistance on that. |
@tswagger Thank you! |
I am not sure how you would like me to address the final failed check. I intentionally mirrored the Authorize Tokens classes. I could create a shared trait or abstract parent class, but some of the differences, while subtle, are major enough to make that challenging. |
We will give it some consideration, so please leave it as it is. Adding Trait or abstract classes could make the design worse. |
That was my thought. I will leave it in your hands. Please let me know if you need anything else from me. |
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Co-authored-by: kenjis <[email protected]>
Co-authored-by: kenjis <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Added AuthToken config as a separate config for Token/HMAC auth from JWT Updated test to reflect logging adjustment change. Signed-off-by: tswagger <[email protected]>
Co-authored-by: kenjis <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Co-authored-by: Pooya Parsa <[email protected]>
Co-authored-by: Pooya Parsa <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
Signed-off-by: tswagger <[email protected]>
cedf26e
to
a1b64db
Compare
Signed-off-by: tswagger <[email protected]>
Cannot reproduce the PHPStan errors.
https://github.com/codeigniter4/shield/actions/runs/6223741069/job/16907463318?pr=795 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@tswagger Thank you! |
Oh, my dependencies were old.
Fixed by #840 |
Adding HMAC-SHA256 as an authenticator. This method has a slight security advantage to a standard token authentication by signing the request with a shared secret.
Usage and coding mirrors closely the established Access Token Authentication classes and methods.
References: