Introduce JWE support

[soumyaray]

Great gem! Any plans in the roadmap to add JWE support to encrypt payloads?

[excpt]

This would be great feature to be introduced. The JWE spec is quite large and supports a lot of algorithms. This could be great enhancement for version 2.0. Are you willing to provide some help to introduce this feature? We are always looking for people to do some code reviews, test the features introduced in the master branch or to improve the documentation.

[soumyaray]

Welp! what did I get myself into? But yes, I'm happy to take a look into JWE. BTW, how do you see the direction of ruby-jwt differ from json-jwt?

[excpt]

There's no difference in using jwt over json-jwt. In the end it's what you prefer to use a more OOP style approach to implement the JWT specs or the more chaotic way we currently have ;)

[aj-michael]

Is anyone actively working on this? If not, I may take a stab.

[kenzan100]

@aj-michael I'm looking forward to your work!

[francescobbo]

I've just published a gem to encrypt and decrypt JWE ciphertexts. It does not support all the key management methods listed by its specification but I think it would be a good fit for this job. See: https://github.com/aomega08/jwe

[excpt]

@aomega08 Thanks for the contribution to the open source community. 👍 🎉

I will check your gem if it fits into the library and if we may add it as a dependency in the 2.0 version.

[francescobbo]

Hey @excpt, any news on this? Have you got any idea of how to integrate the two gems?

[excpt]

Ahoy @aomega08,

I think we should keep the gems independent and provide an interface to integrate the encryption part of JWT into the ruby-jwt gem. Other libs may want to use your gem too.

If you're interested we can move your jwe gem repo into this jwt organization and rename the repo to ruby-jwe. You keep all your administrative permission. If you have further questions - send me a mail (bottom of README.md or my profile.). :)

[waiting-for-dev]

Hi there,

is this feature currently being developed? I see that the repo was moved to the jwt organization, so it seems some work has been done. I would like to use it for warden-jwt_auth and devise-jwt gems so that users can encrypt their JWT in case they want to put something private for use during authentication. It would be nice to have it integrated here so we don't have to reinvent the wheel in other libraries 😄

[excpt]

@waiting-for-dev Unfortunately, this feature is not in active development.