-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds initial implementation of the JWT package #15
Conversation
Just an overall observation about errors in the package: as implemented callers are forced to use string matching to test for different errors. perhaps, we should define a set of testable errors (via errors.Is) and always wrap them with context info before returning. More aligned with how the oidc package does this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good... just a few suggestions and I'm happy to discuss in real-time.
…ryCAPEM not provided
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great. One very small suggestion/nit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great. ty!
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Description
This PR adds an initial implementation of the JWT package, which provides signature verification and claims set validation for JWTs of the JWS form.
The code in this package is similar to that in both the vault-plugin-auth-jwt and consul JWT auth implementations.
Testing
I've integrated and tested the code in this PR in the common-jwt-lib branch of vault-plugin-auth-jwt.
Tests are intentionally absent from this PR in order to first agree on the API and behavior of the package. I'll be adding tests and additional documentation in a subsequent PR once there is agreement.