Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to validate against multiple keys #1033

Merged
merged 3 commits into from
Nov 20, 2023
Merged

Add support to validate against multiple keys #1033

merged 3 commits into from
Nov 20, 2023

Conversation

lcobucci
Copy link
Owner

@lcobucci lcobucci commented Nov 4, 2023

This implements the design I suggested on #1011 (comment) to solve the limitation raised by @rhertogh

@lcobucci lcobucci added this to the 5.2.0 milestone Nov 4, 2023
@lcobucci lcobucci self-assigned this Nov 4, 2023
@lcobucci lcobucci mentioned this pull request Nov 4, 2023
Closed
@lcobucci lcobucci force-pushed the add-support-to-validate-against-multiple-keys branch from 4b96fe0 to a6afecf Compare November 4, 2023 21:56
@lcobucci lcobucci force-pushed the add-support-to-validate-against-multiple-keys branch from a6afecf to 7914f55 Compare November 4, 2023 22:18
Slamdunk
Slamdunk requested changes Nov 6, 2023
View reviewed changes
docs/rotating-keys.md Show resolved Hide resolved
@lcobucci lcobucci force-pushed the add-support-to-validate-against-multiple-keys branch from 7914f55 to 26960f1 Compare November 19, 2023 22:07
Slamdunk
Slamdunk approved these changes Nov 20, 2023
View reviewed changes
docs/rotating-keys.md Show resolved Hide resolved
@lcobucci
Introduce fake implementation of signer for tests
800dbdd 
This allows us to stop using PHPUnit mocks in every place that needs,
making tests more obvious.

Signed-off-by: Luís Cobucci <lcobucci@gmail.com>
@lcobucci
Add a way to verify a token against multiple algorithms/keys
fbff2ed 
When dealing with key rotations, we will likely have to verify
previously issued tokens (signed with the old key) and new tokens
(signed with the new key).

This introduces a handy constraint that can take multiple `SignedWith`
constraints and only raise exceptions when the signature can't be
validated by any of them.

Signed-off-by: Luís Cobucci <lcobucci@gmail.com>
@lcobucci
Add docs on key rotation
4a98f10 
Signed-off-by: Luís Cobucci <lcobucci@gmail.com>
@lcobucci lcobucci force-pushed the add-support-to-validate-against-multiple-keys branch from 26960f1 to 4a98f10 Compare November 20, 2023 21:11
@lcobucci lcobucci merged commit 3529291 into 5.2.x Nov 20, 2023
39 checks passed
@lcobucci lcobucci deleted the add-support-to-validate-against-multiple-keys branch November 20, 2023 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Slamdunk Slamdunk Slamdunk approved these changes

@Ocramius Ocramius Awaiting requested review from Ocramius

Assignees

@lcobucci lcobucci

Labels
Improvement
Projects
None yet
Milestone
5.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@lcobucci @Slamdunk