New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump jwt version #27
Bump jwt version #27
Conversation
lib/doorkeeper-jwt.rb
Outdated
@@ -41,7 +41,7 @@ def secret_key_file | |||
end | |||
|
|||
def encryption_method | |||
return nil unless Doorkeeper::JWT.configuration.encryption_method | |||
return 'none' unless Doorkeeper::JWT.configuration.encryption_method |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Looks like @chriswarren doesn't maintain this gem anymore. If he doesn't want to work on it, we (@doorkeeper-gem) would be glad to transfer this project under organization in order to have an ability to support it. |
@nbulaj since @chriswarren is not even responding may be you can fork and release a different gem altogether referencing it in the doorkeeper README.md. As far as I understand, jwt version < 2.0.0 has asymmetric key vulnerability. Not that you need any, but I can help to maintain the gem. |
Hi @bihanichandresh . To release this gem I need permissions on Rubygems that must be granted by @chriswarren . I don't really like the way of introducing one more gem with the same name |
Also we can ping @MarkMurphy as he has an access to this repo |
Yep. I can get it done. |
I agree, this is what should happen. @chriswarren |
Sorry for not replying to this sooner. I'll gladly transfer this over to @doorkeeper-gem, as I am not actively using it or working it anymore. |
Looks like I'll need the ability to create a repo on @doorkeeper-gem temporarily to transfer ownership. Once that happens I'll move it over right away, then add permissions on Rubygems for whoever needs them. |
@chriswarren I created a new repo on the Doorkeeper organization https://github.com/doorkeeper-gem/doorkeeper-jwt You can try to transfer your repo to this one |
You will need to delete that repo and give me permission to create a new repo. I just tried to transfer again and got the following error: "doorkeeper-gem/doorkeeper-jwt already exists and You don’t have the permission to create repositories on doorkeeper-gem". |
@chriswarren removed, please try again |
@nbulaj I still need permission to create a new repo. "You don’t have the permission to create repositories on doorkeeper-gem" |
Thanks we lot @chriswarren. Really appreciate your efforts. A salute from me and the community. :) |
Dooh, this GitHub settings. I added you, @chriswarren, to doorkeeper-jwt team and granted permissions to create / transfer repositories. Try it please, and let me know if you still don't have required permissions |
Alright, the transfer has been initiated. Looks like I'll need an email address (or multiple) to add owners on RubyGems. |
You can find my email in Doorkeeper gemspec |
@nbulaj do you have a Rubygems account? I'm getting an "Owner could not be found" error when trying to add that email address. |
Yes, there it is - https://rubygems.org/profiles/nikita_bulai |
Alright, I managed to add it via the user name, but it looks like there's no email associated with the account. I think everything should be good to go now. Thanks for taking this over, hopefully it helps folks out. |
Thank you @chriswarren for your work and this awesome gem. Hope we can continuously improve it :) And we'll start from this PR. |
Hi @pacop. Could you please add an entry to changelog and squash all the commits to a single one? Thanks! |
@nbulaj would like to be part of doorkeeper-jwt and doorkeeper maintainer community at large. Please do let me know if we can collaborate. :) |
Done @nbulaj |
Thanks @pacop ! |
New version of JWT doesn't have type parameter, so it has been completely removed. algorithm param is now mandatory, so nil has been changed to 'none'.
No additional changes have been required.