Remove "--prn" option or make it optional on encode #114

Closed
erhhung opened this issue Jan 22, 2021 · 4 comments

@erhhung

erhhung commented Jan 22, 2021

Summary

According to the latest JWT spec (https://tools.ietf.org/html/rfc7519#page-9), the "prn" claim is not even mentioned, and according to an earlier JWT draft spec (https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-05#page-9), the "prn" claim is optional.

Steps to reproduce

On encode, I get an error that the "--prn" required argument was not provided:

error: The following required arguments were not provided:
    --prn <principal>

USAGE:
    jwt encode --alg <algorithm> --aud <audience> --exp <expires> --iss <issuer> --payload <payload>... --prn <principal> --secret <secret> --sub <subject>

Expected behavior

The "--prn" option should either be removed entirely or at least be made optional.

@kljensen

@erhhung I didn't experience that argument as required. Can you post an example usage?

@erhhung
Author

erhhung commented Feb 12, 2021

The version I ran was v3.2.1 as that was the latest published in Homebrew (and still is).
I just manually pulled down v3.3.0 and ran my example again, and I still see the issue:

./jwt --version
jwt 3.3.0

Full example:

$ ./jwt encode \
  --iss https://foo.com \
  --aud https://bar.com \
  --sub john.doe \
  -P "jti=$(uuidgen)" \
  -P "email=john.doe@foo.com" \
  --exp "+1 hr" \
  --secret secret

error: The following required arguments were not provided:
    --prn <principal>

USAGE:
    jwt encode --alg <algorithm> --aud <audience> --exp <expires> --iss <issuer> --prn <principal> --secret <secret> --sub <subject>

Minimal example:

$ ./jwt encode --aud https://bar.com --secret secret

error: The following required arguments were not provided:
    --prn <principal>

USAGE:
    jwt encode --alg <algorithm> --aud <audience> --exp <expires> --prn <principal> --secret <secret>

Full example without --aud option:

$ ./jwt encode \
  --iss https://foo.com \
  --sub john.doe \
  -P "jti=$(uuidgen)" \
  -P "email=john.doe@foo.com" \
  --exp "+1 hr" \
  --secret secret

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImpvaG4uZG9lQGZvby5jb20iLCJleHAiOjE2MTMxNTI1NjUsImlhdCI6MTYxMzE0ODk2NSwiaXNzIjoiaHR0cHM6Ly9mb28uY29tIiwianRpIjoiMzUwOWNkNjgtNTI3OC00NmRlLTllODQtZmVjYzAyM2I0NGE2Iiwic3ViIjoiam9obi5kb2UifQ.0BKPhlWe41JVX_7mOLrAJJ1SfW1aAOcLw1P3y05psKU

@mike-engel
Owner

Thanks @erhhung! I'm not sure which spec I read when I first created this tool, but prn was required if aud was present at the time. According to the current spec that you mentioned, however, it doesn't even seem to be specified. I'll remove it.

@mike-engel
Owner

Removed in 4.0.0
