feat: change Config\Auth::jwtConfig

Author: kenjis

src/Authentication/TokenGenerator/JWTGenerator.php

@@ -28,13 +28,14 @@ public function generateAccessToken(User $user): string
         $iat = $this->currentTime->getTimestamp();
         $exp = $iat + $config['timeToLive'];
 
-        $payload = [
-            'iss' => $config['issuer'],     // issuer
-            'aud' => $config['audience'],   // audience
-            'sub' => (string) $user->id,    // subject
-            'iat' => $iat,                  // issued at
-            'exp' => $exp,                  // expiration time
-        ];
+        $payload = array_merge(
+            $config['claims'],
+            [
+                'sub' => (string) $user->id,    // subject
+                'iat' => $iat,                  // issued at
+                'exp' => $exp,                  // expiration time
+            ]
+        );
 
         return $this->jwtAdapter->generate(
             $payload,
@@ -46,25 +47,28 @@ public function generateAccessToken(User $user): string
     /**
      * Issues JWT
      *
-     * @param int|null $ttl Time to live in seconds.
-     * @param string   $key The secret key.
+     * @param array    $claims The payload items.
+     * @param int|null $ttl    Time to live in seconds.
+     * @param string   $key    The secret key.
      */
-    public function generate(array $payload, ?int $ttl = null, $key = null, ?string $algorithm = null): string
+    public function generate(array $claims, ?int $ttl = null, $key = null, ?string $algorithm = null): string
     {
         assert(
-            (array_key_exists('exp', $payload) && ($ttl !== null)) === false,
-            'Cannot pass $payload[\'exp\'] and $ttl at the same time.'
+            (array_key_exists('exp', $claims) && ($ttl !== null)) === false,
+            'Cannot pass $claims[\'exp\'] and $ttl at the same time.'
         );
 
         $config = setting('Auth.jwtConfig');
         $algorithm ??= $config['algorithm'];
         $key ??= $config['secretKey'];
 
-        if (! array_key_exists('iat', $payload)) {
+        $payload = $claims;
+
+        if (! array_key_exists('iat', $claims)) {
             $payload['iat'] = $this->currentTime->getTimestamp();
         }
 
-        if (! array_key_exists('exp', $payload)) {
+        if (! array_key_exists('exp', $claims)) {
             $payload['exp'] = $payload['iat'] + $config['timeToLive'];
         }
 

src/Config/Auth.php

@@ -198,16 +198,21 @@ class Auth extends BaseConfig
      * These settings only apply if you are using the JWT Authenticator
      * for authentication.
      *
+     * These are the default values when you generate and validate JWT
+     *
+     * - claims      The payload items that all JWT have.
      * - secretKey   The secret key. Needs more than 256 bits random string.
      *               E.g., $ php -r 'echo base64_encode(random_bytes(32));'
      * - algorithm   JWT Signing Algorithms.
      * - timeToLive  Specifies the amount of time, in seconds, that a token is valid.
      *
-     * @var array<string, bool|int|string>
+     * @var array<string, array<string, array|bool|int|string>|bool|int|string>
      */
     public array $jwtConfig = [
-        'issuer'     => '<Issuer of the JWT>',
-        'audience'   => '<Audience of the JWT>',
+        'claims' => [
+            'iss' => '<Issuer of the JWT>',
+            'aud' => '<Audience of the JWT>',
+        ],
         'secretKey'  => '<Set secret random string like MQ4GfWut1OYZxPY9fXAIq2YP6KzTSKOGNS7dJNcRrR8=>',
         'algorithm'  => 'HS256',
         'timeToLive' => 1 * HOUR,

tests/Authentication/Authenticators/JWTAuthenticatorTest.php

@@ -114,8 +114,8 @@ public function testCheckNoSubToken()
     {
         $config  = setting('Auth.jwtConfig');
         $payload = [
-            'iss' => $config['issuer'],     // issuer
-            'aud' => $config['audience'],   // audience
+            'iss' => $config['claims']['iss'], // issuer
+            'aud' => $config['claims']['aud'], // audience
         ];
         $token = FirebaseJWT::encode($payload, $config['secretKey'], $config['algorithm']);
 
@@ -168,7 +168,7 @@ public function testGetPayload()
         $payload = $this->auth->getPayload();
 
         $this->assertSame((string) $this->user->id, $payload->sub);
-        $this->assertSame((\setting('Auth.jwtConfig')['issuer']), $payload->iss);
+        $this->assertSame((\setting('Auth.jwtConfig')['claims']['iss']), $payload->iss);
     }
 
     public function testAttemptBadSignatureToken()

tests/Unit/Authentication/Authenticators/JWT/FirebaseAdapaterTest.php

@@ -21,10 +21,14 @@ public function testDecode()
 
         $jwtDecoder = new FirebaseAdapter();
 
-        $payload = $jwtDecoder->decode($token);
+        $config    = setting('Auth.jwtConfig');
+        $key       = $config['secretKey'];
+        $algorithm = $config['algorithm'];
+
+        $payload = $jwtDecoder->decode($token, $key, $algorithm);
 
-        $this->assertSame(setting('Auth.jwtConfig')['issuer'], $payload->iss);
-        $this->assertSame(setting('Auth.jwtConfig')['audience'], $payload->aud);
+        $this->assertSame(setting('Auth.jwtConfig')['claims']['iss'], $payload->iss);
+        $this->assertSame(setting('Auth.jwtConfig')['claims']['aud'], $payload->aud);
         $this->assertSame('1', $payload->sub);
     }