Support JWK thumbprints as key ids #481
module JWT | ||
module JWK | ||
# https://tools.ietf.org/html/rfc7638 | ||
class Thumbprint |
JWT::JWK::Thumbprint has no descriptive comment
def initialize(options) | ||
options ||= {} | ||
|
||
if options.is_a?(String) # For backwards compatibility when kid was a String |
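Review bot: In `initialize`, `options ||= {}` only handles `nil` and the `options.is_a?(String)` branch only handles the legacy String kid, so any other non-Hash argument passes both lines shown here unchecked. Consider raising an `ArgumentError` when `options` is neither a String nor a Hash, so a wrong argument fails at construction rather than later during kid generation.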
JWT::JWK::KeyBase#initialize refers to 'options' more than self (maybe move it to another class?)
lib/jwt/jwk/custom_kid_generator.rb
Outdated
|
||
module JWT | ||
module JWK | ||
class CustomKidGenerator |
JWT::JWK::CustomKidGenerator has no descriptive comment
require_relative 'configuration/container' | ||
|
||
module JWT | ||
module Configuration |
JWT::Configuration has no descriptive comment
|
||
module JWT | ||
module Configuration | ||
class JwkConfiguration |
JWT::Configuration::JwkConfiguration has no descriptive comment
end | ||
end | ||
|
||
attr_accessor :kid_generator |
JWT::Configuration::JwkConfiguration#kid_generator is a writable attribute
|
||
module JWT | ||
module Configuration | ||
class DecodeConfiguration |
JWT::Configuration::DecodeConfiguration has at least 10 instance variables
|
||
module JWT | ||
module Configuration | ||
class DecodeConfiguration |
JWT::Configuration::DecodeConfiguration has no descriptive comment
:verify_iat, | ||
:verify_jti, | ||
:verify_aud, | ||
:verify_sub, |
JWT::Configuration::DecodeConfiguration#verify_sub is a writable attribute
module Configuration | ||
class DecodeConfiguration | ||
attr_accessor :verify_expiration, | ||
:verify_not_before, |
JWT::Configuration::DecodeConfiguration#verify_not_before is a writable attribute
:verify_not_before, | ||
:verify_iss, | ||
:verify_iat, | ||
:verify_jti, |
JWT::Configuration::DecodeConfiguration#verify_jti is a writable attribute
class DecodeConfiguration | ||
attr_accessor :verify_expiration, | ||
:verify_not_before, | ||
:verify_iss, |
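Review bot: The `attr_accessor` list starting at `:verify_expiration` makes each claim check a plain writable setting on `DecodeConfiguration`, and nothing in these lines restricts the value that can be assigned. If this object holds shared defaults, consider validating assignments to true/false or freezing the configuration once application setup has finished, so a check such as `verify_expiration` cannot be switched off by accident later.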
JWT::Configuration::DecodeConfiguration#verify_iss is a writable attribute
attr_accessor :verify_expiration, | ||
:verify_not_before, | ||
:verify_iss, | ||
:verify_iat, |
JWT::Configuration::DecodeConfiguration#verify_iat is a writable attribute
module JWT | ||
module Configuration | ||
class DecodeConfiguration | ||
attr_accessor :verify_expiration, |
JWT::Configuration::DecodeConfiguration#verify_expiration is a writable attribute
:verify_iss, | ||
:verify_iat, | ||
:verify_jti, | ||
:verify_aud, |
JWT::Configuration::DecodeConfiguration#verify_aud is a writable attribute
:verify_sub, | ||
:leeway, | ||
:algorithms, | ||
:required_claims |
JWT::Configuration::DecodeConfiguration#required_claims is a writable attribute
:verify_jti, | ||
:verify_aud, | ||
:verify_sub, | ||
:leeway, |
JWT::Configuration::DecodeConfiguration#leeway is a writable attribute
:verify_aud, | ||
:verify_sub, | ||
:leeway, | ||
:algorithms, |
JWT::Configuration::DecodeConfiguration#algorithms is a writable attribute
reset! | ||
end | ||
|
||
def reset! |
JWT::Configuration::Container has missing safe method 'reset!'
|
||
module JWT | ||
module Configuration | ||
class Container |
JWT::Configuration::Container has no descriptive comment
3306149
to
2f79667
Compare
module JWT | ||
module Configuration | ||
class Container | ||
attr_accessor :decode, :jwk |
JWT::Configuration::Container#jwk is a writable attribute
module JWT | ||
module Configuration | ||
class Container | ||
attr_accessor :decode, :jwk |
JWT::Configuration::Container#decode is a writable attribute
Please update the version.rb to 3.0.0.dev
It's an API breaking change.
Great work! 👍
The API should not have changed in this case; that was the intention, at least. What API do you have in mind?
2f79667
to
d64ae02
Compare
SourceLevel has finished reviewing this Pull Request and has found:
@excpt, I got very curious about what I'm missing :)
I see that I have chosen my words poorly. 😖 Clarification: You want to deprecate the currently used way of kid generation. This will break existing implementations while continuing to use the 2.x versions of this gem. I recommend bumping the version to 3.0 in that case. So this will be clear for all the direct and mostly indirect users of this gem. This allows us to continue the development and it's still possible to continue supporting the 2.x versions.
Thanks for the clarification 👍. I will in my turn clarify my thoughts:
@excpt ok to merge? No changes to the current behaviour and deprecation will happen at a later stage with some kind of warnings to the user.
Thank you! 👍
d64ae02
to
2e018fb
Compare
2e018fb
to
09daa9e
Compare
This addresses #474.
Allow the default and custom kid generation to be changed to a more "standard" way of generating JWK kids.
Also introduces a configuration concept via ::JWK.configuration, where the default values have been moved.
Would very much like to deprecate the current way of kid generation, but we would need to notify about the deprecation in some way before that.
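
For readers unfamiliar with the RFC 7638 thumbprint the pull request refers to, here is an added example, not code from this pull request or from the gem, that computes one and uses it to check a `kid`. The names `jwk_thumbprint`, `kid_matches_key?`, `REQUIRED_MEMBERS` and `SAMPLE_EC` are hypothetical, the sample key is constructed, and the example goes beyond the page by also covering OKP keys (RFC 8037).

```ruby
require 'json'
require 'digest'

# Required members per key type, already in lexicographic order
# (RFC 7638 section 3.2; the OKP entry follows RFC 8037).
REQUIRED_MEMBERS = {
  'RSA' => %w[e kty n],
  'EC'  => %w[crv kty x y],
  'oct' => %w[k kty],
  'OKP' => %w[crv kty x]
}.freeze

# Hypothetical helper: returns the base64url SHA-256 thumbprint of a JWK hash.
def jwk_thumbprint(jwk)
  jwk = jwk.transform_keys(&:to_s)
  members = REQUIRED_MEMBERS.fetch(jwk['kty']) do
    raise ArgumentError, "unsupported kty: #{jwk['kty'].inspect}"
  end
  missing = members.reject { |m| jwk[m].is_a?(String) && !jwk[m].empty? }
  raise ArgumentError, "missing members: #{missing.join(', ')}" unless missing.empty?

  # Only the required members are hashed, so kid, use, alg and member order
  # in the input never change the result.
  canonical = JSON.generate(members.to_h { |m| [m, jwk[m]] })
  [Digest::SHA256.digest(canonical)].pack('m0').tr('+/', '-_').delete('=')
end

# Hypothetical check: a thumbprint-derived kid can be recomputed from the key
# itself, so a consumer of a JWKS can reject an entry whose kid does not match.
def kid_matches_key?(jwk)
  jwk = jwk.transform_keys(&:to_s)
  jwk['kid'] == jwk_thumbprint(jwk)
end

# Constructed sample key: the coordinates are placeholders, not a real curve point.
SAMPLE_EC = {
  'kty' => 'EC', 'crv' => 'P-256',
  'x' => 'Y29uc3RydWN0ZWQteA', 'y' => 'Y29uc3RydWN0ZWQteQ'
}.freeze

if $PROGRAM_NAME == __FILE__
  kid = jwk_thumbprint(SAMPLE_EC)
  puts "kid: #{kid}"
  puts "matches: #{kid_matches_key?(SAMPLE_EC.merge('kid' => kid))}"
end
```
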