I really regret adopting tymondesigns/jwt-auth for my startup project in early 2016, on the then-assurances that a stable 1.0 would be "right around the corner." Three years later, all I have to do is say, shame.
You have 396 open issues. No version 1 in 3 years. People installing the wrong version by default. NO README with installation instructions to be found ANYWHERE on the master branch. The default GitHub page is the unstable 2.0 develop branch, which you seem to place most of your time and commits in...
Your documentation on the Wiki is STILL FOR v0.5!! And you say after THREE YEARS:
For version 0.5.* See the WIKI for documentation.
Documentation for 1.0.0 is coming soon, but there is an unfinished guide here
This project is being maintained very very very poorly! Start a Patreon account. Open up to cryptocurrency investments. Pledge to fix 1.0 until it's stable enough to release 1.0 and THEN AND ONLY THEN focus on 2.0.
This project is a case study of what NOT to do with an important one-man operation.
Oh and how about you add 3-5 people as full-fledged members able to merge pull requests, etc. so that this backlog can start going down?
Wow, where do I start. I really shouldn't bother replying to this, but I will since I have a few minutes.
"Leadership problems"
I ain't leading a team of people here, nor is this any kind of business endeavour.
I really regret adopting tymondesigns/jwt-auth for my startup project in early 2016, on the then-assurances that a stable 1.0 would be "right around the corner." Three years later, all I have to do is say, shame.
Yes it's true, a tagged v1.0.0 has been a long time coming. This package has grown massively over the last couple of years and obviously so have the number of issues, support requests and questions which is obviously a large burden for a (part time) sole maintainer and I have struggled to keep up.
You have 396 open issues. No version 1 in 3 years. People installing the wrong version by default. NO README with installation instructions to be found ANYWHERE on the master branch. The default GitHub page is the unstable 2.0 develop branch, which you seem to place most of your time and commits in...
Yes, there are lots of issues, plain for all to see. Thanks for letting me know. The default "GitHub page" is not "the unstable 2.0 develop branch". It is develop, which is the 1.*.* working branch. 2.0 is on a different branch completely.
It's pretty clear where the documentation is for each version on the readme. And yes I agree there has been some confusion about which version to use etc - which I will endeavor to make clearer.
This project is being maintained very very very poorly! Start a Patreon account. Open up to cryptocurrency investments. Pledge to fix 1.0 until it's stable enough to release 1.0 and THEN AND ONLY THEN focus on 2.0.
I do have a Patreon actually, so I might link it somewhere after all. Would be awesome to be able to set aside some proper funded time to dedicate to jwt-auth development and support requests.
In order to pledge to "fix 1.0" there has to be something wrong to fix. Is there a problem you're having?
I would deem the current release as stable technically, and really the only thing preventing me from publishing it as "stable" is due to the unfinished documentation.
FYI: If I want to create a branch and do some work on there, change some stuff, try some new things... I don't need your permission.
This project is a case study of what NOT to do with an important one-man operation.
What the hell is "an important one-man operation" ?
Oh and how about you add 3-5 people as full-fledged members able to merge pull requests, etc. so that this backlog can start going down?
Sure, because it's that simple to get a handful of people working for free. (If anyone is reading this and wants to help out, feel free to DM me on Twitter)
Anyways, let it be known that I have given you my "assurance" that the current release is stable. You're welcome.
If this project helped you add value to your application or save you time implementing this stuff yourself, then great, I'm glad, that is why I put it on GitHub. Beyond that, what the hell do you want from me?
To be clear, I DO NOT do open source full-time. I have no "shame" whatsoever, and to put it bluntly, I owe you NOTHING. This package is provided for free with a permissive MIT license in the hope that others may find it useful and time saving. I am under no obligation to offer any "assurances" or commercial warranties as laid out in the license.
I'll donate $500 and 50 hours of time to get this 1.0. Give me instructions.
Need me to write a detailed tutorial on how to implement v1.0? Say it, and it'll be done before Monday.
Well, I need someone to write some docs that actually work. On a previous project I pieced it together from clues scattered around the web and it's tedious to have to do it again.
I've been using this project for over 2 years. I've upgraded from 0.5 to 1.0rc. It's true there was a bit of a learning curve, mostly to do with learning how JWT works in general. I had to do some digging and searching to find what worked, but now that I know, it's been super stable and it just WORKS. Haven't had a single problem that I couldn't solve, been using it in production. I can't say I have a ton of users, only a few thousand per application, but I'm very glad this exists. Is there an alternative? I don't think so.. anyway I'd have no reason to switch. I'm very grateful to @tymondesigns and even if I'll be happy to look forward to an official 1.0, the truth is I'll probably hop on the 2.0 beta as soon as it's tagged anyway because I trust this guy to keep delivering the goods : )
edit: @hopeseekr very happy to hear you're going to be providing proper docs, look forward to seeing them!
Once everything is up and running, I haven't had any problems with the code itself either.
But I think it's undeniable that the project needs a cleanup. Close out all the open issues that won't be fixed, make sure that the version Composer pulls actually works without needing to get the solution from the issue tracker, clean up the documentation for whatever the current version is and ensure it a) works, b) doesn't have empty headings for documentation that will never be written, and c) is all in one place, not on the GitHub wiki and then also some other website etc.
People have offered to help with all this. It should only be a few days work to clean everything up and make the project look far more professional.
I just need v1.0 so that my clients will rest easier.
I mean, I really did take a risk in early 2016 when this project wasn't even in the rc state. Try telling your client that this is the only unstable dependency even though it's one of the absolute most essential for site security. It does not go well, ever.
Don't want to stir the pot, but if you are running a startup you should probably fork this and have your team fix whatever doesn't work for you. Other options would be to build an auth layer that's not integrated into your application.
A fairly robust solution is express passport. You can simply provide the same JWT secret to php and node, then have your PHP layer check the user and scopes of the JWT.
Oh my God!
v1.0.0 of tymon/jwt-auth was released on 4 March 2020!!
https://github.com/tymondesigns/jwt-auth/commits/1.0.0
Frickin awesome!