Skip to content

Add route keys/{kid}/jwk.json#48

Merged
johnabass merged 5 commits intoxmidt-org:masterfrom
Equanox:json_web_key
May 4, 2020
Merged

Add route keys/{kid}/jwk.json#48
johnabass merged 5 commits intoxmidt-org:masterfrom
Equanox:json_web_key

Conversation

@Equanox
Copy link
Contributor

@Equanox Equanox commented Apr 19, 2020

JWK (https://tools.ietf.org/html/rfc7517) format seems to be a bit more common to expose the public key. This allows us to be more flexible in checking JWT validity.

I think it won't break anything as the pem route is still functional. The JWK creation is based on https://github.com/lestrrat-go/jwx .

johnabass
johnabass approved these changes Apr 21, 2020
View reviewed changes
Copy link
Contributor

@johnabass johnabass left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nicely done. Let's push this in our next release.

We should add content negotiation to the /keys/{kid] endpoint to allow returning PEM or JWK, but that can be done in a follow-on PR.

@joe94
Copy link
Member

joe94 commented Apr 23, 2020

I agree. This is great! 😄 Thanks, @Equanox! FYI: there are some failing tests in travis though. We should fix that before merging.

@Equanox
Copy link
Contributor Author

Equanox commented Apr 23, 2020

Thx guys, will fix the failing tests. @johnabass didnt know exactly how to react properly to the Content-Type, is there a example in one of your repos? Then i will try to do a follow up PR.

@joe94 joe94 added the enhancement New feature or request label Apr 24, 2020
@codecov-io
Copy link

codecov-io commented Apr 25, 2020
edited
Loading

Codecov Report

Merging #48 into master will decrease coverage by 1.12%.
The diff coverage is 73.33%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #48      +/-   ##
==========================================
- Coverage   96.60%   95.48%   -1.13%     
==========================================
  Files          38       39       +1     
  Lines        1209     1262      +53     
==========================================
+ Hits         1168     1205      +37     
- Misses         27       35       +8     
- Partials       14       22       +8
Impacted Files Coverage Δ
key/pair.go 77.53% <56.75%> (-8.45%) ⬇️
key/handler_jwk.go 100.00% <100.00%> (ø)
key/provide.go 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aaa4016...b0ede04. Read the comment docs.

@johnabass
Copy link
Contributor

johnabass commented Apr 30, 2020

Thx guys, will fix the failing tests. @johnabass didnt know exactly how to react properly to the Content-Type, is there a example in one of your repos? Then i will try to do a follow up PR.

We're in the process of retooling around content negotiation. We should just push this PR to master for now. We can redo an URLs or content negotation after we settle on a solution.

@johnabass johnabass merged commit 7f74e16 into xmidt-org:master May 4, 2020
@johnabass
Copy link
Contributor

johnabass commented May 5, 2020

https://github.com/xmidt-org/themis/releases/tag/v0.4.4 has this PR in it.

I did change things a bit in #53. Notably, the specific URLs are /keys/{kid}/key.json and /keys/{kid}/keys.pem when not using content negotiation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johnabass johnabass johnabass approved these changes

Assignees

@Equanox Equanox

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Equanox @joe94 @codecov-io @johnabass