- Notifications
You must be signed in to change notification settings - Fork927
feat: add jwt pkg#14928
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
feat: add jwt pkg#14928
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This refactor encapsulates key management for JWT signing and verification by:- Introducing `ParseKeyFunc` and `SecuringKeyFn` to streamline key operations.- Moving key-related functions to `jwt.go` to improve package modularity.- Simplifying `Encrypt` and `Decrypt` function documentation and usage.- Updating tests to align with the new function signatures and logic flow.
The JWT functionality has been refactored, and its associated test values are no longer required. Removing the test file helps maintain code clarity and prevents outdated test logic from impacting the current codebase.
- Renamed key functions to clarify their use.- Removed unused `featureHeaderKey`.- Added comprehensive tests for JWT signing and verifying.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
- Streamlines key retrieval by integrating with the cryptokeys package.- Simplifies key handling by decoding directly using hex utilities.- Enhances validation by using context for managing key operations.- Improves test robustness with clearer setup and consistent mocking.
- Rename package `jwt` to `jwtutils` for better context.- Consolidate constants and enhance error messages.- Simplify key management for JWT signing and verification.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Refactor JWT utility code to replace `ParseOptions` with more specific`VerifyOptions` and `DecryptOptions`. This change enhances clarity andflexibility, accommodating different needs for JWS and JWE operations. Updatetests to align with the refactored structure, ensuring robust coverage andfunctionality verification.
Increase OIDC secret length for added security and clarity.Optimize JWT test coverage with custom claims and key cache tests.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
- Enhance comments for key interfaces to clarify usage and considerations for time validity and clock skew.- Refactor JWE/JWS logic to simplify serialization and deserialization processes, ensuring more efficient and concise handling of JWTs. Implement compact serialization and remove unnecessary base64 encoding.
Removing unused test and mock code simplifies maintenance and reduces clutter.
Deleting unnecessary cryptokeys keycachemock ensures clarity and reduces maintenance.
Ensure that the dbCache methods for encrypting, decrypting, signing,and verifying keys validate the feature flag before proceeding withoperations. This validation step prevents using keys for unintendedpurposes, maintaining proper alignment with their intendedcryptographic feature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LG, would like to have the "fetcher" interface so we can use this in wsproxy too at some point 👍
sreya commentedOct 4, 2024 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Yeah I'll open anissue to work on a refactor once I get this running in dev. |
68ec532 intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
This PR adds a
jwtutilspackage to be shared amongst the various packages in the codebase that make use of JWTs. It's intended to help us standardize on one library instead of some implementations usinggo-joseand others usinggolang-jwt.The main reason we're converging on
go-joseis due to its support for JWEs,golang-jwtalso has a repo to handle it but itdoesn't look maintained