jwt-auth | package provides json web token middleware | Authentication library

I have an Angular11 UI front-end utilizing Google's RS256 authentication by

1. import { SocialAuthService, GoogleLoginProvider, SocialUser } from 'angularx-social-login';
2. in app.module.ts adding providers: [{ id: GoogleLoginProvider.PROVIDER_ID, provider: new GoogleLoginProvider('my Google-Client-ID')}]

When Google sends me back the JWT token, I send it to my NodeJS App server to establish a JWT-based communication for the session, so this NodeJS App server must validate this JWT. According to this angular-university.io article section "Leveraging RS256 Signatures",

Instead of installing the public key on the Application server, it's much better to have the Authentication server publish the JWT-validating public key in a publicly accessible Url.

I found this JWK (not JWT) link https://www.googleapis.com/oauth2/v3/certs from Google Identity by Erji. Is this the right public key?

I have oauth2 + jwt authorization in my project.

I am creating an API in Laravel 8 (PHP 7.4) and I wanted to secure it. The choice fell on tymon / jwt-auth. I follow the documentation from the website: https://jwt-auth.readthedocs.io/en/develop/quick-start/

Everything works fine here. However, later when I create a route to login and want to get the token using auth()->attempt(), I have the following error:

Undefined method 'attempt'.

My Route code:

I am studying react and node js, to build a full stack login authentication page. Which I found tutorial from this github : "https://github.com/bezkoder/node-js-jwt-auth".

I found this tutorial extremely confusing due to mysql connection errors, the only edit I made is changing the running port from 8080 to 3306, which is a fast fix for having another port running on 8080.

When I run "node server.js" this error pops up few seconds

also, in order to view mysql databases, I am running MySQL Workbench localhost:3306, but the server is stopped, refresh wouldn't work, nor restarting the mysql through services.

The Message shows: Lost connection to MySQL server at 'waiting for initial communication packet'. system error 10060.

Please help, I have no idea what I am doing.

JwtAuthGuard where I verify token from headers:

I'm trying to update my Symfony 4.4.19 to Symfony 5.x but i've got two conflicts who are blocking the process: symfony/monolog-bundle and roave/security-advisories

I'm running method composer update "symfony/*" --with-all-dependencies In Symfony documentation about upgrading, it is clearly specified that "A few libraries starting with symfony/ follow their own versioning scheme. You do not need to update these versions: you can upgrade them independently whenever you want" and the example is...symfony/monolog-bundle

In my project, I have presently a legacy authentication that works in such a way:

1. There is a client (standalone) that talks to an API service which is a custom application running in a container.
2. A cloud Identity provider (IdP) is used that supports OAuth with PKCE. It provides its token via usual login process when the user goes to a login page and then gets redirected to a callback.
3. API service acts as a recipient for the callback. It, therefore, obtains Identity Provider token-1 and stores it in a cache. Based on this it returns to the client a modified token-2 "computed" from token-1 but different.
4. Once the client needs to make a REST call, it decorates it with the token-2 JWT token. The call goes to the API service that matches it to token-1 which can be then validated against IdP.

I have a need to get rid of the API service with cloud-native mechanisms. I assume that AWS HTTP API gateway can be integrated with IdP directly using its JWT Authorizer capability. Regretfully I can not affect the current legacy flow that must remain functional.

However, I would like to insert a Lambda between the JWT Authorizer and client endpoints which would be doing the exchange of client-facing tokens to IdP tokens (doing what API service was doing). Would that be possible and how I can approach this?

I have an symfony application and three kubernetes clusters : dev, staging prod.

I'm using env files to set the environment. I build docker images with the right .env and deploy through kubectl. But as a matter facts, the value of APP_ENV isn't taken into account, even though the other params are (database connexion for example).

My staging env is set to "test" but composer still installs dev dependencies and logs go to /var/log/dev.log. In these log lines I also have an app_environment value which should be set to "test" according to the .env file. Still I find "local" instead.

What am I doing wrong ?

My staging .env file :

I'm trying to handle JWT-authentication in gRPC on my backend. I can extract the JWT in an interceptor but how do I access it in my service? I think it should be done with a CoroutineContextServerInterceptor but this doesn't work: