| # |
Jul 18th 2017, 14:09 |
 admad |
@irongomme set that field and inaccessible in entity then it cant be saved, no need to validate :slightly_smiling_face: |
| # |
Jul 18th 2017, 14:09 |
dereuromark |
you can whitelist the accepted fields on marshalling |
| # |
Jul 18th 2017, 14:08 |
dereuromark |
I think whitelisting is alsways better than blacklisting |
| # |
Jul 18th 2017, 14:08 |
saeideng |
require....() |
| # |
Jul 18th 2017, 14:07 |
irongomme |
Hello everybody, How to add a validation rule to prevent for adding a forbidden field on create ? |
| # |
Jul 18th 2017, 14:06 |
cake-novice |
+1 |
| # |
Jul 18th 2017, 14:04 |
admad |
you would need a to decide the JWT only once per request. The performance difference in that case would be irrelevant imo |
| # |
Jul 18th 2017, 14:04 |
dereuromark |
also i am not comparing firebase with any solution |
| # |
Jul 18th 2017, 14:03 |
cake-novice |
but we should also look at performace at any solution before implement... |
| # |
Jul 18th 2017, 14:02 |
admad |
i am not comparing firebase and https://github.com/lcobucci/jwt .. just was looking at but https://github.com/Spomky-Labs/jose/issues/161 https://github.com/lcobucci/jwt/issues/187 seems some perfomance issue there |
| # |
Jul 18th 2017, 14:02 |
admad |
firebase/jwt is absolutely fine. If you prefer using builders use lcobucci/jwt |
| # |
Jul 18th 2017, 14:02 |
admad |
decoding a jwt token isn't rocket science, why is performance even an issue? |
| # |
Jul 18th 2017, 14:00 |
sathomsen |
i agreee with you but ADmad plugin also required same Firebase |
| # |
Jul 18th 2017, 14:00 |
sathomsen |
I’ve also build a plugin for Facebook authentication that can be used with that plugin for pure API auth :slightly_smiling_face: |
| # |
Jul 18th 2017, 14:00 |
dereuromark |
why is perrformance relevant? |
| # |
Jul 18th 2017, 14:00 |
neon1024 |
cake-novice, I haven’t compared them all. |
| # |
Jul 18th 2017, 14:00 |
cake-novice |
@neon1024 what about its performance issue ? it little bit slow than other solution ? |
| # |
Jul 18th 2017, 13:59 |
sathomsen |
@cake_novice I’ve worked a great deal with ADmad plugin works great:) |
| # |
Jul 18th 2017, 13:57 |
cleptric |
Token signature also there seems |
| # |
Jul 18th 2017, 13:57 |
cleptric |
fair enough, array vs mutators |
| # |
Jul 18th 2017, 13:56 |
neon1024 |
@cleptric https://github.com/lcobucci/jwt/blob/3.2/README.md#creating |
| # |
Jul 18th 2017, 13:55 |
cake-novice |
i was also looking at this.. but https://github.com/Spomky-Labs/jose/issues/161 https://github.com/lcobucci/jwt/issues/187 seems some perfomance issue there |
| # |
Jul 18th 2017, 13:55 |
cleptric |
Calling decode and encode :) ? |
| # |
Jul 18th 2017, 13:55 |
neon1024 |
It’s api is much more logical imho |
| # |
Jul 18th 2017, 13:54 |
neon1024 |
https://github.com/lcobucci/jwt |
| # |
Jul 18th 2017, 13:54 |
neon1024 |
then which one ? |
| # |
Jul 18th 2017, 13:54 |
neon1024 |
I’d say to not use that one |
| # |
Jul 18th 2017, 13:53 |
cleptric |
So yes, it should do the job |
| # |
Jul 18th 2017, 13:53 |
cleptric |
If you asking for the firebase one, we also use it for the new auth plugin |
| # |
Jul 18th 2017, 13:53 |
cake-novice |
ADmads plugin required https://github.com/firebase/php-jwt |
| # |
Jul 18th 2017, 13:53 |
hmic |
so for cake: admad |
| # |
Jul 18th 2017, 13:53 |
hmic |
admads plugin uses that |
| # |
Jul 18th 2017, 13:52 |
cleptric |
ADmads or the firebase one? |
| # |
Jul 18th 2017, 13:51 |
cake-novice |
https://github.com/firebase/php-jwt |
| # |
Jul 18th 2017, 13:51 |
cake-novice |
? |
| # |
Jul 18th 2017, 13:51 |
cake-novice |
is that one also good |
| # |
Jul 18th 2017, 13:51 |
cake-novice |
i can see admad plugin required Firebase JWT lib |
| # |
Jul 18th 2017, 13:48 |
cake-novice |
ok... |
| # |
Jul 18th 2017, 13:48 |
cleptric |
composer will add it to `/vendor` |
| # |
Jul 18th 2017, 13:48 |
cleptric |
No, you install it via composer and use the classes in your App |
| # |
Jul 18th 2017, 13:47 |
cake-novice |
if i want to implement this lib then i need to place it in root/vendor directory ? |