I would like to know if Zend-expressive framewok is a good choice or not,
I have been working with the zendframework since 2006.
I switched to Zend-expressive but I see very few updates and packages.
Can someone tell me whether it is wise to go with a zend-expressive or not.
It does not need extra packages for expressive. You can use all others like zend-barcode, zend-crypt, zend-form, zend-paginator, zend-validator; also PHP packages like sabre/xml, Intervention Image, PhpSpreadsheet and what you need for your application.
This will be true if you’re looking at the zendframework/zendframework package… because it’s a metapackage. In other words, all it does is install other packages. What you need to look at is the various packages on which it depends if you want to see activity. And I can tell you right now: every. single. package. on. which. it. depends. has. had. multiple. new. releases. this. year.
In fact, most had multiple releases last year as well. As I noted in our year-end wrap up in 2017, we published over 260 releases across more than 80 packages last year alone, and we have done similar numbers in the first 6 months of 2018 alone.
If you’re talking about Zend Expressive not getting many updates, perhaps you missed the fact that we released version 3 a few months back? and have had incremental updates to most of the core Expressive packages in the months since? We don’t update the skeleton regularly… because, like the zendframework package, it’s a metapackage, too. Look at the dependencies to get an idea of updates.
I apologize if I’m coming off angry or dismissive; the community puts in a ton of work to get new updates out regularly, and to hear folks claim off-hand that the project has “few updates” or “few packages” (we have almost 200 packages in the ZF/Expressive/Apigility ecosystem!), without qualifying the claim, it feels rather dismissive.
You can help us out: what gives you the impression of few updates? Where do you look for information on updates? If we can get an idea of where people are looking, we can better understand why this impression persists, and come up with solutions for getting our information in front of you, so you’re not working with incorrect data.
Sorry but when i loot at the documentation of the authentication and authorization for laravel i found that easy to implement and the documentation is complete.
I want to implement the authentication and authorization middelware for zend-expressive
but every time I look in github I see this message “WORK IN PROGRESS” that message I see for months. are there good authentication and authorization modules for zend-expressive? because these modules are very important for every application
This is an important detail of this forum thread! Why is this information missing in your initial post?
Please always formulate your questions completely, this will save you and others a lot of work. In addition, no one has to guess. Thanks!
The reason the authorization and authentication middleware are still in progress is because we have wanted to ensure we address as many use cases as presented by our users as possible. We hope to finalize them within the next two months.
That said, ANY middleware compatible with PSR-15 (and even double-pass, legacy PSR-7 middleware) can be used with Expressive. Our own OAuth2 adapter for authentication is a wrapper over the league/oauth2-server, which can be dropped into Expressive by itself. (We are wrapping it to provide common interfaces around users and reporting “unauthenticated” responses, which will allow us to provide standardized authorization more easily.)
Yes, the projects have been in that status for months; this is because it takes time to get the code correct. We’ve already changed the interfaces several times, which we will not be able to do once we hit a stable release.
In the meantime, search Packagist for authentication and/or authorization middleware for 3rd party solutions.
All expressive modules for authentication and authorization are essentials for me and my projects.
I already use Expressive 3 for some basic websites (no authentication) and also use for one intranet apps with zend-expressive-authentication and zend-expressive-authentication-session (apps with login access). Yes i know that authentication/authorization it is not 100% ready, i hope will have not too much BC break until 1.0 
I also have project for API apps with zend-expressive-authentication-oauth2 but for this one i’m waiting because is a big project.
I really like to work with Expressive 3 but yes will be a good news when all authentication and authorization modules will be stabilised and 100% ready for production.
If there are no bugs reported and everything is working correctly, there is no need to update a package on a weekly base. Since zendframework 2.5 packages follow their own release schedule. So while one package is still developed as 2.x, others are already 3.x or even higher.
To addition what the others said already, zend-expressive-authentication and related packages already had 1.0.0alpha releases. However we found that the packages were not feature complete and decided to go back to 0.x releases. This is also the reason the documentation might not be complete yet.
I’m already using these auth packages in a project I’m currently building and it’s working fine and does what I need it to do since the latest release.
To speed up development and releasing a stable version, you could try out the packages, test it and give your feedback and/or help out document it.
Weekly, monthly, or even (twice, thrice) daily -> update must not be based on schedule, but on necessity…
There is nothing wrong in updating many times throughout single day…
There is nothing wrong in updating many times throughout single day…
And the corollary is: there is nothing wrong with performing no releases if no changes are currently necessary or proposed, or if the changes need more time to test.
The insistence by many developers that the activity of a project is related to quality in any way is, frankly, ridiculous. In many ways, less activity is often a more sure sign of better quality. But using either metric in isolation is a fallacy.
Could not be more wrong…
The more activity, the better/higher quality… I dont see how less activity equals higher quality… make no-sense for me.
No its NOT ridiculous… its clear-thinking, or, if you prefer, sign of wisdom and/or project-oriented thinking…
Please ellaborate…
cloudenv https://discourse.zendframework.com/u/cloudenv
August 4matthew:
less activity is often a more sure sign of better quality .
Could not be more wrong…
The more activity, the better/higher quality… I dont see how less activity
equals higher quality… make no-sense for me.
I’m just going to throw in a data point here, in order to make this clear
with a personal example:
Extremely carefully crafted. Not all design decisions are correct, but
everything is tested to paranoid levels (As it frikken should be! Test your
code, people!).
The result is a few million downloads with basically no activity at all (
Pulse · Ocramius/ProxyManager · GitHub). Also no new
feature requests: it does what it is supposed to do.
Feel free to prove me wrong, but this is what stability and quality are.
matthew:
The insistence by many developers that the activity of a project is
related to quality in any way is, frankly, ridiculous.No its NOT ridiculous… its clear-thinking, or, if you prefer, sign of
wisdom and/or project-oriented thinking…
I think the same example of the above one counts here.
matthew:
But using either metric in isolation is a fallacy.
Please ellaborate…
You could have a project with fantastic quality and no activity at all
because nobody is using it, hence why I correlated it with usage
(downloads) above.
Marco Pivetta
This alone is quite impressive… Thats nice indeed.
But this has nothing to do with meritum.
And neither does project activity. That’s the point we’re trying to establish.
High number of downloads, with low levels of issues and feature requests, however, likely indicates that the project is a) useful, and b) does what users expect it to do. High amounts of issues, feature requests, and releases, while indicative of people engaging with the project, does not necessarily mean the project is a) generally of good quality, or b) does what it’s supposed to. Don’t mistake project churn for quality.
Other data that can be ambiguous: the size and activity level of a project’s online community. Big community correlates to wide adoption correlates to quality, I think. But if there are a zillion questions per day on Stackoverflow about a project, that may cut the other way: hard to use. Or at least, difficult learning curve.
someone knows when authorization and authentication packages are ready?
Looks like they may get a stable release soon: https://github.com/zendframework/zend-expressive-authentication/issues/35#issuecomment-415092022
Thanks for the info 