Authentication with a Public Key should allow connecting a specific user
Summary
When authenticating with a Public Key, Core does not allow connecting a valid user id to the token, making it impossible to identify a standard user using this method.
Current Behavior
During the authentication, Core just checks if the passed public key can be found in any of the files specified in the `auth.ini` file: if so, a session token is generated without a valid user id connected.
Desired Behavior
Core should support the ability to read the User ID from somewhere, making it possible to connect an existing user to a token authenticated via public key.
Implementation Plan
- When cycling through public key files, use their name to associate a user identifier (this should be done optionally, because we don't want to break the existing behavior). For example, look for the prefix `(id)` and use the following characters to build the identifier (something like `(id)user@domain.com` triggers the new behavior, while `mykey.pub` does not).
- Use the User implementation to get the user which responds to the specified identifier and gather its database ID.
- Create a new SessionToken object which includes the User ID.
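
A sketch of the filename-to-identifier step from the plan above, added here as an illustration and not taken from Core's code base. The function names, the OpenSSH-style one-key-per-line file format, and the rule that a key bound to two different identifiers is rejected are assumptions of this example; the user lookup and SessionToken creation are left out.

```python
import os
import tempfile

ID_PREFIX = "(id)"  # filename prefix proposed in the implementation plan

def user_id_from_filename(filename):
    """Return the identifier encoded in a key file name, or None for legacy files."""
    if not filename.startswith(ID_PREFIX):
        return None
    ident = filename[len(ID_PREFIX):]
    # Assumption: an empty or path-like identifier is a configuration error.
    if not ident or "/" in ident or "\\" in ident or "\x00" in ident:
        raise ValueError(f"invalid identifier in key file name: {filename!r}")
    return ident

def _key_material(line):
    """Assumption: '<type> <base64> [comment]' lines; the comment is ignored."""
    parts = line.split()
    if len(parts) < 2 or parts[0].startswith("#"):
        return None
    return (parts[0], parts[1])

def resolve_key(key_files, presented_key):
    """Return (authenticated, user_id); user_id is None for a legacy match."""
    wanted = _key_material(presented_key)
    if wanted is None:
        return (False, None)
    matched, ids = False, set()
    for path in key_files:
        with open(path, encoding="utf-8") as fh:
            if any(_key_material(line) == wanted for line in fh):
                matched = True
                ident = user_id_from_filename(os.path.basename(path))
                if ident is not None:
                    ids.add(ident)
    if len(ids) > 1:
        # Same key under two identifiers: the token could name the wrong user.
        raise ValueError("public key is bound to more than one user identifier")
    return (matched, ids.pop() if ids else None)

def demo():
    """Constructed sample: one legacy key file and one '(id)' key file."""
    files = {"mykey.pub": "ssh-ed25519 AAAAlegacy ci",
             "(id)user@domain.com": "ssh-ed25519 AAAAuser laptop"}
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, name) for name in files]
        for path, body in zip(paths, files.values()):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body + "\n")
        return [resolve_key(paths, k) for k in
                ("ssh-ed25519 AAAAuser", "ssh-ed25519 AAAAlegacy", "ssh-ed25519 AAAAnone")]
```

Because the identifier comes from the file name, write access to the key directories listed in `auth.ini` becomes equivalent to the ability to log in as any user, so those directories need the same protection as the user database.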
Migration Plan
This improvement does not break backward compatibility.
Benefits
Allowing users to be identified using their public keys is a huge step forward in supporting integrated systems and 3rd-party login applications.