Support JWK thumbprints as key ids #481
Conversation
![sourcelevel-bot[bot]](https://avatars.githubusercontent.com/in/597?s=60&v=4){kind=small}
| module JWT | ||
| module JWK | ||
| # https://tools.ietf.org/html/rfc7638 | ||
| class Thumbprint |
There was a problem hiding this comment.
JWT::JWK::Thumbprint has no descriptive comment
| def initialize(options) | ||
| options ||= {} | ||
|
|
||
| if options.is_a?(String) # For backwards compatibility when kid was a String |
There was a problem hiding this comment.
JWT::JWK::KeyBase#initialize refers to 'options' more than self (maybe move it to another class?)
lib/jwt/jwk/custom_kid_generator.rb
Outdated
|
|
||
| module JWT | ||
| module JWK | ||
| class CustomKidGenerator |
There was a problem hiding this comment.
JWT::JWK::CustomKidGenerator has no descriptive comment
| require_relative 'configuration/container' | ||
|
|
||
| module JWT | ||
| module Configuration |
There was a problem hiding this comment.
JWT::Configuration has no descriptive comment
|
|
||
| module JWT | ||
| module Configuration | ||
| class JwkConfiguration |
There was a problem hiding this comment.
JWT::Configuration::JwkConfiguration has no descriptive comment
| end | ||
| end | ||
|
|
||
| attr_accessor :kid_generator |
There was a problem hiding this comment.
JWT::Configuration::JwkConfiguration#kid_generator is a writable attribute
|
|
||
| module JWT | ||
| module Configuration | ||
| class DecodeConfiguration |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration has at least 10 instance variables
|
|
||
| module JWT | ||
| module Configuration | ||
| class DecodeConfiguration |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration has no descriptive comment
| :verify_iat, | ||
| :verify_jti, | ||
| :verify_aud, | ||
| :verify_sub, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_sub is a writable attribute
| module Configuration | ||
| class DecodeConfiguration | ||
| attr_accessor :verify_expiration, | ||
| :verify_not_before, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_not_before is a writable attribute
| :verify_not_before, | ||
| :verify_iss, | ||
| :verify_iat, | ||
| :verify_jti, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_jti is a writable attribute
| class DecodeConfiguration | ||
| attr_accessor :verify_expiration, | ||
| :verify_not_before, | ||
| :verify_iss, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_iss is a writable attribute
| attr_accessor :verify_expiration, | ||
| :verify_not_before, | ||
| :verify_iss, | ||
| :verify_iat, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_iat is a writable attribute
| module JWT | ||
| module Configuration | ||
| class DecodeConfiguration | ||
| attr_accessor :verify_expiration, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_expiration is a writable attribute
| :verify_iss, | ||
| :verify_iat, | ||
| :verify_jti, | ||
| :verify_aud, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#verify_aud is a writable attribute
| :verify_sub, | ||
| :leeway, | ||
| :algorithms, | ||
| :required_claims |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#required_claims is a writable attribute
| :verify_jti, | ||
| :verify_aud, | ||
| :verify_sub, | ||
| :leeway, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#leeway is a writable attribute
| :verify_aud, | ||
| :verify_sub, | ||
| :leeway, | ||
| :algorithms, |
There was a problem hiding this comment.
JWT::Configuration::DecodeConfiguration#algorithms is a writable attribute
| reset! | ||
| end | ||
|
|
||
| def reset! |
There was a problem hiding this comment.
JWT::Configuration::Container has missing safe method 'reset!'
|
|
||
| module JWT | ||
| module Configuration | ||
| class Container |
There was a problem hiding this comment.
JWT::Configuration::Container has no descriptive comment
anakinj
force-pushed
the
configuration-and-thumbprint-as-kid
branch
from
3306149
to
2f79667
Compare
| module JWT | ||
| module Configuration | ||
| class Container | ||
| attr_accessor :decode, :jwk |
There was a problem hiding this comment.
JWT::Configuration::Container#jwk is a writable attribute
| module JWT | ||
| module Configuration | ||
| class Container | ||
| attr_accessor :decode, :jwk |
There was a problem hiding this comment.
JWT::Configuration::Container#decode is a writable attribute
|
The API should not have changed in this case, the intention was that at least. What API do you have on your mind? |
anakinj
force-pushed
the
configuration-and-thumbprint-as-kid
branch
from
2f79667
to
d64ae02
Compare
|
SourceLevel has finished reviewing this Pull Request and has found:
|
|
@excpt, I got very curious on what im missing:) |
|
I see that I have chosen my word poorly. 😖 Clarification: You want to depricate the current used way of kid generation. This will break existing implementations while continuing using the 2.x versions of this gem. I recommend bumping the version to 3.0 in that case. So this is will be clear for all the direct and mostly indirect users of this gem. This allows us to continue the development and it's still possible to continue supporting the 2.x versions. |
|
Thanks for the clarification 👍 . I will in my turn clarify my thoughts:
|
|
@excpt ok to merge? No changes to the current behaviour and deprecation will happen at a later stage with some kind of warnings to the user. |
anakinj
force-pushed
the
configuration-and-thumbprint-as-kid
branch
from
d64ae02
to
2e018fb
Compare
anakinj
force-pushed
the
configuration-and-thumbprint-as-kid
branch
from
2e018fb
to
09daa9e
Compare
This addresses #474.
Allow the default and custom kid generation to be changed to a more "standard" way of generating JWK kids.
Also introduces a configuration concept via
::JWK.configurationwhere the default values has been moved.Would very much like to deprecate the current way of kid generation, but we would need to notify about the deprecation in some way before that.