Update cakephp/authentication requirement from ^3.0 to ^4.0

[dependabot]

Updates the requirements on cakephp/authentication to permit the latest version.

Release notes

Sourced from cakephp/authentication's releases.

CakePHP Authentication 4.0.0

Breaking Changes

• Identifier configuration format changed - Moved from nested array to flatter structure:

  // Before
  'identifier' => ['Authentication.Token' => ['tokenField' => 'id', ...]]
  // After
  'identifier' => ['className' => 'Authentication.Token', 'tokenField' => 'id', ...]

• Class renames:

  • CakeRouterUrlChecker → DefaultUrlChecker
  • DefaultUrlChecker (framework-agnostic) → GenericUrlChecker

• SessionAuthenticator identify option removed - This deprecated option has been removed. Use PrimaryKeySessionAuthenticator if you need session-based authentication without password re-verification.

• Identifier parameter now optional in AbstractAuthenticator constructor

• Removed deprecated code including loadIdentifier() method

• Updated dependency: firebase/php-jwt now requires ^7.0

Improvements

• Lazy identifier initialization via getIdentifier() method
• Cleaner authenticator/identifier relationship
• Redirect validation feature (backported from 3.x)
• Plugin now properly declares cakephp/cakephp as dependency
• Identity::get() now supports dot-separated field names for nested data access
• New IdentityHelper::getIdentity() method for easier identity access in templates
• PrimaryKeySessionAuthenticator now has a default TokenIdentifier configured

Migration

Rector rules available at cakephp/upgrade#370 for automated migration assistance.

Full Changelog: cakephp/authentication@3.3.5...4.0.0

Commits

• 8faadab Make identifier parameter optional in AbstractAuthenticator
• a3f120a Clean up dormant code after identify option removal
• 18afbf8 Remove deprecated identify option from SessionAuthenticator
• e5f710c Merge branch '3.x' into 4.x
• e559c80 Merge pull request #767 from cakephp/identity-helper
• 95215e4 Merge pull request #766 from cakephp/identity-get
• 9a12edc Merge pull request #763 from cakephp/fix/deprecate-session-identify
• 79c784a Merge pull request #768 from cakephp/copilot/sub-pr-767
• c52efc2 Add test for getIdentity() returning null without identity
• cbc12d3 Initial plan
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.