-
-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve Claim API #25
Conversation
- rename JWTError.verificationFailed to .signatureVerificationFailed - make verifyClaims throw on failure
- use throwable tests where applicable - use XCTAssertThrowsError to ensure we fail when no errors are thrown where they are expected - update Claim tests to reflect their new throwing nature
- rename SecondsWithLeewayClaim to TimeBasedClaim - hide protocols that should be internal - use more explicit initializer labels
Codecov Report
@@ Coverage Diff @@
## master #25 +/- ##
==========================================
+ Coverage 81.24% 81.79% +0.55%
==========================================
Files 31 30 -1
Lines 693 714 +21
==========================================
+ Hits 563 584 +21
Misses 130 130
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good :)
|
||
public init(_ value: Seconds, leeway: Seconds = 0) { | ||
self.value = value | ||
public init(createTimestamp: @escaping () -> Seconds, leeway: Seconds) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the default value of 0
for leeway should stay. And the createTimestamp would be nicer for the caller with @autoclosure
. (I won't copy this to nbf but obviously I mean for both places.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good call! This functionality used to come from the protocol but got lost when I decided to hide that.
- add "convenience" initializers for TimeBasedClaims - update AudienceClaim interface to match other Claims - use default value for leeway - allow initializing IssuedAtClaim using Date (with default value)
@vzsg through the TimeBasedClaim protocol there are now several ways to initialize ExpirationTimeClaim/NotBeforeClaim: I discovered the playgrounds were outdated (can Travis check for that? 🤔) and that there were some inconsistencies with initializing |
Looks like @vzsg comments were resolved. Going to merge this :) |
Time based claims (Expiration- and NotBefore-) are now able to evaluate the comparison at time of verification and API more closely matches that of signature verification.
This will allow us to pass in claims into our jwt-provider's LoginMiddleware at init and verify claims as well as signatures. A PR that adds that functionality is next on my list.