Description
Subject of the issue
Cannot issue permanent tokens.
Your environment:
| Q | A |
|---|---|
| Bug? | yes |
| New Feature? | yes |
| Framework | Laravel |
| Framework version | 12 |
| Package version | latest |
| PHP version | 8.4 |
Steps to reproduce
Set TTL to null as stated in the config file to issue a permanent token
Expected behavior
Issue a token that does not have an exp claim.
Actual behavior
The token still contains exp with the default value of 60 minutes TTL due to the claim's default attribute value.
In the commit: 8dc1909
config.php added (int) to ttl.
PHPOpenSourceSaver\JWTAuth\Factory that is responsible for building claims (buildClaims()) checks if ttl is null to remove it.
```php
// remove the exp claim if it exists and the ttl is null
if (null === $this->claimFactory->getTTL() && $key = array_search('exp', $this->defaultClaims)) {
    unset($this->defaultClaims[$key]);
}
```
This can be fixed by either checking if TTL does not exist, `if (!$this->claimFactory->getTTL())`, or changing the null check to a 0 check.
I know I can remove the default exp claim from the config file or simply remove the (int) from the TTL. But I don't want to publish the config since I am using envs to overwrite settings.
The issue in my case is that the business logic requires me to have some tokens that can expire and some that need to be permanent until they are banned. So I want to have default permanent tokens and then I extend the claim factory singleton to set ttl on the tokens that need to expire (tokens that expire are more uncommon).
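The interaction reported above, as an added example that is not the package's code or the reporter's: an `(int)` cast turns an unset TTL into `0`, so a strict null check never removes `exp`. The claim list, the raw values and the `parseTtl()` helper are constructed assumptions; only the `if` condition mirrors the snippet quoted in the issue.

```php
<?php
declare(strict_types=1);

// Constructed claim list for the demo; the real defaults live in the package config.
const DEMO_CLAIMS = ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'];

// Same condition as the snippet quoted in the issue: only a strict null drops exp.
function claimsAfterNullCheck(?int $ttl, array $claims): array
{
    if (null === $ttl && $key = array_search('exp', $claims)) {
        unset($claims[$key]);
    }
    return array_values($claims);
}

// Hypothetical helper: unset means "no expiry"; anything else must be a positive integer.
function parseTtl(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    if (!ctype_digit($raw) || (int) $raw === 0) {
        throw new InvalidArgumentException("TTL must be a positive integer, got '{$raw}'");
    }
    return (int) $raw;
}

// Constructed raw values as they might arrive from the environment.
foreach ([null, '60', '0', 'abc'] as $raw) {
    $cast = (int) $raw; // what an (int) cast in the config produces
    $hasExpCast = in_array('exp', claimsAfterNullCheck($cast, DEMO_CLAIMS), true);
    try {
        $parsed = parseTtl($raw);
        $hasExp = in_array('exp', claimsAfterNullCheck($parsed, DEMO_CLAIMS), true);
        $strict = sprintf('ttl=%s exp=%s', var_export($parsed, true), $hasExp ? 'yes' : 'no');
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected: ' . $e->getMessage();
    }
    printf("raw=%-6s cast: ttl=%d exp=%s | parsed: %s\n",
        var_export($raw, true), $cast, $hasExpCast ? 'yes' : 'no', $strict);
}
```

If the null check is replaced by a falsy check, the `'0'` and `'abc'` inputs also cast to `0` and would yield tokens without `exp`, which is why the helper rejects them instead of treating them as "permanent".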