We have a CakePHP app that uses v2.3.7 that needs to be updated to use an authentication microservice (that we developed and host). The CakePHP app is just 1 backend that will use this authentication which is why it has been centralized.
The current CakePHP app uses the standard FormAuthentication.
My team needs an experienced CakePHP developer who can develop a proof-of-concept CakePHP app that can authenticate externally using our centralized auth service and advise us on issues that would affect our current users and authentication flow.
The centralized service issues Auth (short lifespan) and Refresh tokens (long lifespan) based on JWT. On CakePHP we want sessions to last indefinitely, so the checking - locally using an RSA-based signature on the JWT - and refreshing of tokens will need to happen as part of the authentication of the CakePHP session - the idea is not to expose the Auth service token to the CakePHP session mechanism, which continues to work with Cookies and the Redis session handler.
If you have experience working on custom authentication in CakePHP, we invite you to develop the custom authentication handler for CakePHP with us :)
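
The token handling described above, sketched as an added example in framework-free PHP (not the poster's code or their service's API): local RS256 verification on each request, with a refresh when the Auth token no longer verifies. The session keys, the `$refresh` callable standing in for the call to the auth service, and the demo's `make_token()` and throwaway key pair are assumptions constructed here.

```php
<?php
// Added example. Session keys, the $refresh callable and make_token() are assumptions.
function b64url_decode($s) {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
// Returns the claims of a valid, unexpired RS256 token, or null.
function verify_auth_token($jwt, $publicKeyPem, $now) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    $header = json_decode((string) b64url_decode($parts[0]), true);
    // Pin the algorithm so the token cannot select "none" or an HMAC variant.
    if (!is_array($header) || !isset($header['alg']) || $header['alg'] !== 'RS256') return null;
    $sig = b64url_decode($parts[2]);
    if ($sig === false) return null;
    if (openssl_verify($parts[0] . '.' . $parts[1], $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    $claims = json_decode((string) b64url_decode($parts[1]), true);
    if (!is_array($claims) || !isset($claims['exp']) || $claims['exp'] <= $now) return null;
    return $claims;
}
// Per-request check. $session is the server-side session array; tokens never reach the browser.
function session_user(array &$session, $publicKeyPem, $refresh, $now) {
    $claims = isset($session['auth_token']) ? verify_auth_token($session['auth_token'], $publicKeyPem, $now) : null;
    if ($claims === null && isset($session['refresh_token'])) {
        // Stored Auth token missing, expired or invalid: ask the auth service for a new pair.
        $new = call_user_func($refresh, $session['refresh_token']);
        $claims = isset($new['auth']) ? verify_auth_token($new['auth'], $publicKeyPem, $now) : null;
        if ($claims !== null) {
            $session['auth_token'] = $new['auth'];
            if (isset($new['refresh'])) $session['refresh_token'] = $new['refresh'];
        }
    }
    if ($claims === null) unset($session['auth_token'], $session['refresh_token']); // force re-login
    return $claims;
}
// --- Constructed demo: a throwaway key pair and a fake auth service ---
function b64url($s) { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function make_token($privateKey, $exp) {
    $input = b64url('{"alg":"RS256","typ":"JWT"}') . '.' . b64url(json_encode(array('sub' => '42', 'exp' => $exp)));
    openssl_sign($input, $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url($sig);
}
$key = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$details = openssl_pkey_get_details($key);
$pub = $details['key'];
$now = time();
$refresh = function ($rt) use ($key, $now) {
    return $rt === 'refresh-1' ? array('auth' => make_token($key, $now + 300), 'refresh' => 'refresh-2') : null;
};
$session = array('auth_token' => make_token($key, $now - 10), 'refresh_token' => 'refresh-1'); // expired Auth token
var_dump(session_user($session, $pub, $refresh, $now) !== null, $session['refresh_token']);
```

In a CakePHP 2.x app this logic would sit behind a custom authenticate object, with `$session` backed by the existing Redis session handler and only the public key deployed to the app.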