Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for JSON Web key sets #489

Open
wants to merge 49 commits into
base: main
Choose a base branch
from

Conversation

CADBIMDeveloper
Copy link
Contributor

@CADBIMDeveloper CADBIMDeveloper commented Jan 27, 2024

Description

Based on #488 , adds JWKS support

Breaking changes

None

Checklist

  • Tests added
  • Version bumped
  • Changelog updated

@CADBIMDeveloper
Copy link
Contributor Author

Привет, @abatishchev,

It's currently far away from fully ready, anyway, take a look please. Would like to hear from you, if you agree or not about namespaces, naming and the approach itself

@abatishchev abatishchev self-assigned this Jan 30, 2024
@CADBIMDeveloper CADBIMDeveloper marked this pull request as ready for review February 4, 2024 20:08
@CADBIMDeveloper
Copy link
Contributor Author

Александр, @abatishchev, do I need to add/fix something here? Ping :-)

@abatishchev
Copy link
Member

Thank you so much for your contribution! It's a lot and more than I expected. Please allow me some time to review it. Will do :)

@abatishchev abatishchev changed the title JSON Web key sets support Added support for JSON Web key sets Apr 16, 2024
@abatishchev
Copy link
Member

My sincere apologies! It felt through the cracks of my memory, but now it's back and I'll review the changes as part of the upcoming major version release. Once again, thanks for your contribution!

@abatishchev
Copy link
Member

hey @CADBIMDeveloper, I'm back to the PR, as promised :) can you please check why all tests are failing? and rebase on the latest main please too.

@CADBIMDeveloper
Copy link
Contributor Author

Hey @abatishchev ,

Hypothesis: You've removed src/Directory.Build.targets where MODERN_DOTNET constant was defined. I will check and fix it this week.

@abatishchev
Copy link
Member

Yeah, it was removed in #497, the .NET team has confirmed that it's better not to reference it until strictly necessary, e.g. in lower target frameworks which don't ship it within

replace MODERN_DOTNET which is not presented any more
@CADBIMDeveloper
Copy link
Contributor Author

Hey @abatishchev , it's working now :-)

@@ -5,16 +5,28 @@ namespace JWT.Algorithms
/// <inheritdoc />
public class HMACSHAAlgorithmFactory : JwtAlgorithmFactory
{
private readonly byte[] _key;

public HMACSHAAlgorithmFactory()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do all classes need an empty ctor? Both the algos and the factories?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't want to introduce breaking changes for the user code like:

JwtBuilder.Create().WithAlgorithm(...)...;
JwtBuilder.Create().WithAlgorithm(...).WithSecret(...).Encode(...);
JwtBuilder.Create().WithAlgorithmFactory(...)...;

I can remove empty ctors if you want to

}
}

private static char DecodeCharacter(char ch)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a good name for this method?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest, I took it from Microsoft.AspNetCore.WebUtilities.WebEncoders and didn't pay a lot of attention to it. Will it be okay for you, if I rename it to Transform(char symbol)?

@@ -0,0 +1,6 @@
namespace JWT.Jwk;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please convert implicit namespace into explicit (here and elsewhere too), for the consistency of the codebase

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops. sorry. This is the only place with implicit namespace (my bad, miss it). Fixed

src/JWT/Jwk/JwtWebKeySet.cs Outdated Show resolved Hide resolved
}

public JwtWebKey Find(string keyId)
{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: use the => syntax for one-line methods

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed


public JwtWebKeysCollection(JwtWebKeySet keySet) : this(keySet.Keys)
{

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: remove line breaks from empty methods/ctors

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@@ -249,9 +248,9 @@ public void Validate(JwtParts jwt, params byte[][] keys)
{
_jwtValidator.Validate(decodedPayload, asymmAlg, bytesToSign, decodedSignature);
}
else
else if (algorithm is ISymmetricAlgorithm symmAlg)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use pattern matching switch/case here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

{
ValidSymmetricAlgorithm(keys, decodedPayload, algorithm, bytesToSign, decodedSignature);
_jwtValidator.Validate(keys, decodedPayload, symmAlg, bytesToSign, decodedSignature);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the existing (non-algo specific) method Validate() still needed then?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure...

src/JWT/JwtValidator.cs Outdated Show resolved Hide resolved
src/JWT/JwtValidator.cs Outdated Show resolved Hide resolved
src/JWT/Jwk/JwtWebKeysCollection.cs Outdated Show resolved Hide resolved

namespace JWT.Jwk
{
public class JwtWebKeysCollection : IJwtWebKeysCollection
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please seal all classes not intended to be overridden

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed. This class was the only one not sealed.

/// A JWK Set JSON data structure that represents a set of JSON Web Keys
/// specifed by RFC 7517, see https://datatracker.ietf.org/doc/html/rfc7517
/// </summary>
public sealed class JwtWebKeySet
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does a class need the default ctor decorated with [JsonConstructor] if it has none?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think, it could be removed. I made it with the same rules as in JwtHeader:

[System.Text.Json.Serialization.JsonConstructor]

Maybe there is something, I'm not aware about, could you clarify, why we need it in JwtHeader, please?

@abatishchev
Copy link
Member

hey @CADBIMDeveloper, I'm sorry again, I didn't forget - the tab is permanently open for me. It's just a bit too chaotic at work right now. I'll come back to this PR as soon as I can.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

2 participants