Skip to content

Commit 8c6aca1

Browse files
swifferswiffer
committed
attempt to implement support for cached keyset
1 parent 29a9af6 commit 8c6aca1

File tree

2 files changed

+20
-3
lines changed

2 files changed

+20
-3
lines changed

composer.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,8 @@
2121
"cakephp/cakephp": "^4.0",
2222
"cakephp/cakephp-codesniffer": "^4.0",
2323
"firebase/php-jwt": "^6.2",
24-
"phpunit/phpunit": "^8.5 || ^9.3"
24+
"phpunit/phpunit": "^8.5 || ^9.3",
25+
"symfony/cache": "^6.0"
2526
},
2627
"suggest": {
2728
"cakephp/orm": "To use \"OrmResolver\" (Not needed separately if using full CakePHP framework).",

src/Authenticator/JwtAuthenticator.php

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,15 +18,19 @@
1818

1919
use ArrayObject;
2020
use Authentication\Identifier\IdentifierInterface;
21-
use Cake\Utility\Hash;
21+
use Cake\Cache\Cache;
22+
use Cake\Http\Client;
2223
use Cake\Utility\Security;
2324
use Exception;
25+
use Firebase\JWT\CachedKeySet;
2426
use Firebase\JWT\JWK;
2527
use Firebase\JWT\JWT;
2628
use Firebase\JWT\Key;
29+
use Laminas\Diactoros\RequestFactory;
2730
use Psr\Http\Message\ServerRequestInterface;
2831
use RuntimeException;
2932
use stdClass;
33+
use Symfony\Component\Cache\Adapter\Psr16Adapter;
3034

3135
class JwtAuthenticator extends TokenAuthenticator
3236
{
@@ -42,6 +46,7 @@ class JwtAuthenticator extends TokenAuthenticator
4246
'secretKey' => null,
4347
'subjectKey' => IdentifierInterface::CREDENTIAL_JWT_SUBJECT,
4448
'jwks' => null,
49+
'jwksCache' => null,
4550
];
4651

4752
/**
@@ -150,7 +155,18 @@ protected function decodeToken(string $token): ?object
150155
{
151156
$jsonWebKeySet = $this->getConfig('jwks');
152157
if ($jsonWebKeySet) {
153-
$keySet = JWK::parseKeySet($jsonWebKeySet);
158+
$jsonWebKeySetCache = $this->getConfig('jwksCache');
159+
if ($jsonWebKeySetCache) {
160+
$keySet = new CachedKeySet(
161+
$jsonWebKeySet,
162+
new Client(),
163+
new RequestFactory(),
164+
new Psr16Adapter(Cache::pool($jsonWebKeySetCache)),
165+
3000
166+
);
167+
} else {
168+
$keySet = JWK::parseKeySet($jsonWebKeySet);
169+
}
154170

155171
return JWT::decode(
156172
$token,

0 commit comments

Comments
 (0)