4.x major: Remove deprecations, fix up MultiChecker.

composer.json

@@ -20,11 +20,12 @@
         "issues": "https://github.com/cakephp/authentication/issues",
         "forum": "https://discourse.cakephp.org/",
         "source": "https://github.com/cakephp/authentication",
-        "docs": "https://book.cakephp.org/authentication/3/en/"
+        "docs": "https://book.cakephp.org/authentication/4/en/"
     },
     "require": {
         "php": ">=8.1",
         "cakephp/http": "^5.0",
+        "cakephp/utility": "^5.0",
         "laminas/laminas-diactoros": "^3.0",
         "psr/http-client": "^1.0",
         "psr/http-message": "^1.1 || ^2.0",
@@ -34,7 +35,7 @@
     "require-dev": {
         "cakephp/cakephp": "^5.1.0",
         "cakephp/cakephp-codesniffer": "^5.0",
-        "firebase/php-jwt": "^6.2",
+        "firebase/php-jwt": "^7.0",
         "phpunit/phpunit": "^10.5.58 || ^11.5.3 || ^12.4"
     },
     "suggest": {

docs/en/authenticators.rst

@@ -37,23 +37,34 @@ It also helps to avoid session invalidation.
 Session itself stores the entity object including nested objects like DateTime or enums.
 With only the ID stored, the invalidation due to objects being modified will also dissolve.
 
-Make sure to match this with a Token identifier with ``key``/``id`` keys::
+A default ``TokenIdentifier`` is provided that looks up users by their ``id`` field,
+so minimal configuration is required::
+
+    $service->loadAuthenticator('Authentication.PrimaryKeySession');
+
+Configuration options:
+
+-  **idField**: The field in the database table to look up. Default is ``id``.
+-  **identifierKey**: The key used to store/retrieve the primary key from session data.
+   Default is ``key``.
+
+For custom lookup fields, the ``idField`` and ``identifierKey`` options propagate
+to the default identifier automatically::
+
+    $service->loadAuthenticator('Authentication.PrimaryKeySession', [
+        'idField' => 'uuid',
+    ]);
+
+You can also provide a fully custom identifier configuration if needed::
 
     $service->loadAuthenticator('Authentication.PrimaryKeySession', [
         'identifier' => [
             'Authentication.Token' => [
-                'tokenField' => 'id', // lookup for resolver and DB table
-                'dataField' => 'key', // incoming data from authenticator
+                'tokenField' => 'id',
+                'dataField' => 'key',
                 'resolver' => 'Authentication.Orm',
             ],
         ],
-        'urlChecker' => 'Authentication.CakeRouter',
-        'loginUrl' => [
-            'prefix' => false,
-            'plugin' => false,
-            'controller' => 'Users',
-            'action' => 'login',
-        ],
     ]);
 
 Form
@@ -143,7 +154,7 @@ example.
    If provided will be used instead of the secret key.
 
 You need to add the lib `firebase/php-jwt <https://github.com/firebase/php-jwt>`_
-v6.2 or above to your app to use the ``JwtAuthenticator``.
+v7.0 or above to your app to use the ``JwtAuthenticator``.
 
 By default the ``JwtAuthenticator`` uses ``HS256`` symmetric key algorithm and uses
 the value of ``Cake\Utility\Security::salt()`` as encryption key.
@@ -430,7 +441,7 @@ There is only one event that is fired by authentication:
 ``Authentication.afterIdentify``.
 
 If you don’t know what events are and how to use them `check the
-documentation <https://book.cakephp.org/4/en/core-libraries/events.html>`__.
+documentation <https://book.cakephp.org/5/en/core-libraries/events.html>`__.
 
 The ``Authentication.afterIdentify`` event is fired by the
 ``AuthenticationComponent`` after an identity was successfully

docs/en/identifiers.rst

@@ -172,7 +172,7 @@ Configuration options:
 -  **userModel**: The user model identities are located in. Default is
    ``Users``.
 -  **finder**: The finder to use with the model. Default is ``all``.
-   You can read more about model finders `here <https://book.cakephp.org/4/en/orm/retrieving-data-and-resultsets.html#custom-finder-methods>`__.
+   You can read more about model finders `here <https://book.cakephp.org/5/en/orm/retrieving-data-and-resultsets.html#custom-finder-methods>`__.
 
 In order to use ORM resolver you must require ``cakephp/orm`` in your
 ``composer.json`` file (if you are not already using the full CakePHP framework).

docs/en/index.rst

@@ -8,22 +8,18 @@ Project's ROOT directory (where the **composer.json** file is located)
 
     php composer.phar require cakephp/authentication
 
-Version 3 of the Authentication Plugin is compatible with CakePHP 5.
+Version 4 of the Authentication Plugin is compatible with CakePHP 5.
 
-Load the plugin by adding the following statement in your project's ``src/Application.php``::
+Load the plugin using the following command::
 
-    public function bootstrap(): void
-    {
-        parent::bootstrap();
-
-        $this->addPlugin('Authentication');
-    }
+.. code-block:: shell
 
+    bin/cake plugin load Authentication
 
 Getting Started
 ===============
 
-The authentication plugin integrates with your application as a `middleware <https://book.cakephp.org/4/en/controllers/middleware.html>`_. It can also
+The authentication plugin integrates with your application as a `middleware <https://book.cakephp.org/5/en/controllers/middleware.html>`_. It can also
 be used as a component to make unauthenticated access simpler. First, let's
 apply the middleware. In **src/Application.php**, add the following to the class
 imports::