allow files to be used as HMAC secrets #111
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for this @jbg! Could you also add some tests for slurping files? If you're unsure how to proceed, let me know and I can try to describe it here |
|
You mean just testing the combination of file token and HMAC? There are already two tests of the file slurping code at the end of jwt-cli.rs |
|
Correct, just for HMAC file tokens. At some point, I'd like to make the file slurping work for everything, but until then, I'd like to add a test for HMAC since they don't share the same code and to make sure it doesn't break in the future |
|
Got it! Will take care of this a little later. Thanks for the clarification! |
|
Hi @jbg, I wanted to check in to see if you've had time to add some tests, or if you need any help. Thanks! |
3 tasks
|
Closing in favor of #130 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR resolves the issue I reported in #109, so that HMAC secrets can be read from a file. Previously, if one attempted to read from a file by passing
@filename(as the --help text suggests), the literal string@filenamewas used as the secret instead.As an aside, anyone who has used this tool with HMAC JWTs must have quite brute-forceable secrets, since they likely contain only printable characters.