JSON Web Token (JWT) is a JSON-based open standard for creating access tokens that assert some number of claims.
It's often used for authentication on API's and would be great if the encoding and decoding can be done in the extension.
Example projects: https://github.com/lcobucci/jwt
Or
https://github.com/RobDWaller/ReallySimpleJWT
Preferably make it PSR-7 & PSR-12 compliant like https://github.com/RobDWaller/psr-jwt
There are really many libraries. See the Libraries section on https://jwt.io
I don't think this should be in Phalcon. There are also issues of misuse with JWT; many people don't know how to correctly use JWT tokens.
It should be something left to a library.
I agree too, not sure why we need this in phalcon. Maybe if we would have some built-in authentication mechanism - then we can think about this.
My main thing to have this in the framework is performance. Don't think you can have that speed with an external library. It could be a simple encoding, decoding and validating mechanism like ReallySimpleJWT.
We could also connect this to https://github.com/phalcon/cphalcon/issues/13790 and combine it with authentication mechanisms or add this as a separate item on the voting list if the rest of the core team find this useful also. Otherwise let's close this so we keep the issue list small :D
I can't say that performance is good enough of a reason on its own for this to be implemented in Phalcon.
I think we have more important fish to fry atm. Whole lake of them, actually.
I use JWT all the time, just because of that, I'd like it to be implemented too. No other reason than I like the way Phalcon team implements things just the way I like.
I think that this is something that could be added anytime in the 4 series.
As far as I know, there isn't an internal authentication mechanism in Phalcon, so I had to implement something like an adapter-based mechanism which addresses session and JWT authentication. On the other hand, I can't remember any framework that has an internal JWT authentication implementation.
Could anyone mention such a framework?
Django drf?
@XpamAmAdEuS Yes. This Java-based framework has an internal implementation of JWT.
If you look at this page https://spring.io/projects/spring-security, it's saying that Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Where is the internal authentication mechanism in Phalcon that JWT could be part of it?
spring-security is a module/addon for the Spring framework.
Maybe Phalcon can have a separate security package that works like spring/spring-security?
The framework is one project and security for that framework is another project.
JWT should not be part of Phalcon but of phalcon-security.
Sorry for my bad English.
Yep. I agree with you, and I think Phalcon needs to cover all aspects of security or at least should offer features about it. For instance, regardless of its manner, the current ACL mechanism covers the authorization aspect.
Closing this: Please vote for this feature here: https://github.com/phalcon/cphalcon/issues/14608
Addressed in https://github.com/phalcon/cphalcon/pull/14644