Skip to content

[Security] Add security:oidc-token:generate command #60660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fabpot merged 1 commit into from
Oct 6, 2025
Merged

[Security] Add security:oidc-token:generate command #60660

fabpot merged 1 commit into from
Oct 6, 2025

Conversation

@Jean-Beru
Copy link
Contributor

@Jean-Beru Jean-Beru commented Jun 3, 2025
edited
Loading

Q A
Branch? 7.4
Bug fix? no
New feature? yes (should I create the CHANGELOG-7.4.md file?)
Deprecations? no
Issues
License MIT

The OidcTokenHandlerintroduced in Symfony 6.3, allows to decode a JWT token, validate it and retrieve the user info from it.

This pull request introduces a new Symfony command, bin/console security:oidc-token:generate, designed to facilitate the generation of JWTs. It can be useful for generating a token for testing purpose.

Argument and options

Description:
  Generate an OIDC token for a given user

Usage:
  security:oidc-token:generate [options] [--] <user-identifier>

Arguments:
  user-identifier              User identifier

Options:
      --firewall=FIREWALL      Firewall
      --algorithm=ALGORITHM    Algorithm name to use to sign
      --issuer=ISSUER          Set the Issuer claim (iss)
      --ttl=TTL                Set the Expiration Time claim (exp) (time to live in seconds)
      --not-before=NOT-BEFORE  Set the Not Before claim (nbf)

Usage

php bin/console security:oidc-token:generate [email protected] \
  --firewall="api" \
  --algorithm="HS256" \
  --issuer="https://example.com" \
  --ttl=7200 \
  --not-before=tomorrow

Tip

When there is only one value, both "firewall", "algorithm" and "issuer" are not required..

@Jean-Beru Jean-Beru requested a review from chalasr as a code owner June 3, 2025 14:35
@carsonbot carsonbot added this to the 7.4 milestone Jun 3, 2025
@Jean-Beru Jean-Beru force-pushed the security/generate-oidc-command branch from 4fba1cd to d5b0868 Compare June 3, 2025 14:56
@chalasr
Copy link
Member

chalasr commented Jun 6, 2025

Good call 👍I would make "token" or "jwt" part of the command name though as I find "oidc:generate" rather confusing (yup, no better suggestion yet 🙃).

@Jean-Beru Jean-Beru changed the title [Security] Add security:oidc:generate command [Security] Add security:oidc-token:generate command Jun 6, 2025
@Jean-Beru
Copy link
Contributor Author

Jean-Beru commented Jun 6, 2025

Good call 👍I would make "token" or "jwt" part of the command name though as I find "oidc:generate" rather confusing (yup, no better suggestion yet 🙃).

Sure! Not more inspired than you, I renamed it to oidc-token:generate 😅

Spomky
Spomky approved these changes Jun 11, 2025
View reviewed changes
Copy link
Contributor

@Spomky Spomky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a nice idea!
No remarks for this PR and OK with the name oidc-token:generate.

@chalasr
Copy link
Member

chalasr commented Jun 11, 2025

Maybe security:oidc:generate-token would be more future-proof?

stof
stof requested changes Jun 11, 2025
View reviewed changes
@stof
Copy link
Member

stof commented Jun 11, 2025

I like the security:oidc:generate-token name suggested by @chalasr as it makes it possible to add more commands related to oidc in the future even for other purposes.

@Jean-Beru
Copy link
Contributor Author

Jean-Beru commented Jun 16, 2025

I like the security:oidc:generate-token name suggested by @chalasr as it makes it possible to add more commands related to oidc in the future even for other purposes.

OK, let's go with security:oidc:generate-token 🚀

fabpot
fabpot requested changes Oct 6, 2025
View reviewed changes
src/Symfony/Component/Security/Http/Command/OidcTokenGenerateCommand.php
;
}


Copy link
Member

@fabpot fabpot Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extra new line

Suggested change

src/Symfony/Component/Security/Http/Tests/AccessToken/Oidc/OidcTokenGeneratorTest.php Outdated
*/
class OidcTokenGeneratorTest extends TestCase
{

Copy link
Member

@fabpot fabpot Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

src/Symfony/Component/Security/Http/Command/OidcTokenGenerateCommand.php Outdated
Comment on lines 27 to 28
*
* @final
Copy link
Member

@fabpot fabpot Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not needed as the class is already marked as final.

Suggested change
*
* @final

@fabpot fabpot force-pushed the security/generate-oidc-command branch from 730512f to 5c18b1a Compare October 6, 2025 05:55
@fabpot
Copy link
Member

fabpot commented Oct 6, 2025

Thank you @Jean-Beru.

@fabpot fabpot merged commit fd498be into symfony:7.4 Oct 6, 2025
4 of 12 checks passed
@fabpot fabpot mentioned this pull request Oct 6, 2025
Closed
@xabbuh xabbuh mentioned this pull request Oct 9, 2025
Merged
@Jean-Beru Jean-Beru deleted the security/generate-oidc-command branch October 13, 2025 11:47
@fabpot fabpot mentioned this pull request Oct 27, 2025
Merged
@fabpot fabpot mentioned this pull request Oct 27, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stof stof stof requested changes

@fabpot fabpot fabpot approved these changes

@Spomky Spomky Spomky approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees

No one assigned

Labels

Feature Security Status: Reviewed

Projects

None yet

Milestone

7.4

Development

Successfully merging this pull request may close these issues.

6 participants

@Jean-Beru @chalasr @stof @fabpot @Spomky @carsonbot