nette/security

Decouple `IdentityHandler` from `Authenticator`


dakur commented

We use custom authenticators (independent of the Nette\Security\Authenticator interface) which produce instances of Nette\Security\IIdentity so that they can be used for User#login($identity) afterwards. Inside the identity, there is an object which needs to be (de)serialized in a special way. IdentityHandler seems perfect for this job.

Sadly, in the current implementation, IdentityHandler is only applied if it's implemented within Authenticator, but not standalone. As a workaround, I can:

  • create a fake authenticator implementing the Nette one and IdentityHandler as well (see below)
  • not use User at all

Example of fake authenticator:

```php
// Fake authenticator: exists only so that User picks up the IdentityHandler methods.
class Authenticator implements \Nette\Security\Authenticator, \Nette\Security\IdentityHandler
{
    public function authenticate(...)
    {
        throw new Exception('Don\'t use me for authentication');
    }

    public function sleepIdentity(...) { ... } // real work
    public function wakeupIdentity(...) { ... } // real work
}
```

Suggestion

Support IdentityHandler on its own with a configuration param. User will require it from DI then.

```php
namespace App;

class IdentityHandler implements \Nette\Security\IdentityHandler
{
    public function sleepIdentity(...) { ... } // real work
    public function wakeupIdentity(...) { ... } // real work
}
```

```neon
security:
    identityHandler: App\IdentityHandler
```

Actually, all that is needed is to receive IdentityHandler here as a separate service from DI.

There is no BC break: as there was only one IdentityHandler & Authenticator, it will return the same class anyway. :-)
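For reference, a sketch of the kind of handler the issue describes, added here as an example and not taken from dakur's code or from nette/security itself. It assumes nette/security 3.1+ installed through Composer and PHP 8.1+; `ApiToken`, `TokenIdentityHandler` and the `token` data key are hypothetical names. The handler keeps the object out of the session by storing only scalars, and validates what comes back before rebuilding it.

```php
<?php
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php'; // assumption: nette/security 3.1+ via Composer, PHP 8.1+

use Nette\Security\{IdentityHandler, IIdentity, SimpleIdentity};

/** Hypothetical object kept inside the identity (not from the issue). */
final class ApiToken
{
	public function __construct(
		public readonly string $value,
		public readonly int $expiresAt,
	) {}
}

final class TokenIdentityHandler implements IdentityHandler
{
	/** Before the session write: swap the object for plain scalars. */
	public function sleepIdentity(IIdentity $identity): IIdentity
	{
		$token = $identity instanceof SimpleIdentity ? ($identity->getData()['token'] ?? null) : null;
		if (!$token instanceof ApiToken) {
			return $identity; // nothing special to store
		}
		return new SimpleIdentity($identity->getId(), $identity->getRoles(),
			['token' => ['v' => $token->value, 'exp' => $token->expiresAt]]);
	}

	/** After the session read: rebuild the object, or return null to reject the identity. */
	public function wakeupIdentity(IIdentity $identity): ?IIdentity
	{
		$raw = $identity instanceof SimpleIdentity ? ($identity->getData()['token'] ?? null) : null;
		if (!is_array($raw) || !is_string($raw['v'] ?? null) || !is_int($raw['exp'] ?? null)
			|| $raw['exp'] <= time()) {
			return null; // malformed or expired session data
		}
		return new SimpleIdentity($identity->getId(), $identity->getRoles(),
			['token' => new ApiToken($raw['v'], $raw['exp'])]);
	}
}

// Round trip on constructed sample data, calling the handler directly (no session involved).
$handler = new TokenIdentityHandler;
$live = new SimpleIdentity(42, ['user'], ['token' => new ApiToken('constructed-sample', time() + 60)]);
$stored = $handler->sleepIdentity($live);
var_dump($stored->getData()['token']);
var_dump($handler->wakeupIdentity($stored)?->getData()['token'] instanceof ApiToken);
$stale = new SimpleIdentity(42, ['user'], ['token' => ['v' => 'x', 'exp' => time() - 1]]);
var_dump($handler->wakeupIdentity($stale));
```

Because the stored form contains only strings and integers, session deserialization never has to instantiate application classes, and an expired or tampered entry yields `null` instead of a live identity.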