-
Notifications
You must be signed in to change notification settings - Fork 464
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added support for JSON Web key sets #489
base: main
Are you sure you want to change the base?
Conversation
Привет, @abatishchev, It's currently far away from fully ready, anyway, take a look please. Would like to hear from you, if you agree or not about namespaces, naming and the approach itself |
Александр, @abatishchev, do I need to add/fix something here? Ping :-) |
Thank you so much for your contribution! It's a lot and more than I expected. Please allow me some time to review it. Will do :) |
My sincere apologies! It felt through the cracks of my memory, but now it's back and I'll review the changes as part of the upcoming major version release. Once again, thanks for your contribution! |
with an ability to search keys by ids
to create an algorithms based on JSON Web key sets
to jwt validator
to make a decoder with JWKS
JSON Web key
hey @CADBIMDeveloper, I'm back to the PR, as promised :) can you please check why all tests are failing? and rebase on the latest main please too. |
Hey @abatishchev , Hypothesis: You've removed |
Yeah, it was removed in #497, the .NET team has confirmed that it's better not to reference it until strictly necessary, e.g. in lower target frameworks which don't ship it within |
Hey @abatishchev , it's working now :-) |
@@ -5,16 +5,28 @@ namespace JWT.Algorithms | |||
/// <inheritdoc /> | |||
public class HMACSHAAlgorithmFactory : JwtAlgorithmFactory | |||
{ | |||
private readonly byte[] _key; | |||
|
|||
public HMACSHAAlgorithmFactory() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do all classes need an empty ctor? Both the algos and the factories?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't want to introduce breaking changes for the user code like:
JwtBuilder.Create().WithAlgorithm(...)...;
JwtBuilder.Create().WithAlgorithm(...).WithSecret(...).Encode(...);
JwtBuilder.Create().WithAlgorithmFactory(...)...;
I can remove empty ctors if you want to
} | ||
} | ||
|
||
private static char DecodeCharacter(char ch) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a good name for this method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be honest, I took it from Microsoft.AspNetCore.WebUtilities.WebEncoders
and didn't pay a lot of attention to it. Will it be okay for you, if I rename it to Transform(char symbol)
?
@@ -0,0 +1,6 @@ | |||
namespace JWT.Jwk; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please convert implicit namespace into explicit (here and elsewhere too), for the consistency of the codebase
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops. sorry. This is the only place with implicit namespace (my bad, miss it). Fixed
src/JWT/Jwk/JwtWebKeysCollection.cs
Outdated
} | ||
|
||
public JwtWebKey Find(string keyId) | ||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: use the =>
syntax for one-line methods
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
src/JWT/Jwk/JwtWebKeysCollection.cs
Outdated
|
||
public JwtWebKeysCollection(JwtWebKeySet keySet) : this(keySet.Keys) | ||
{ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: remove line breaks from empty methods/ctors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
src/JWT/JwtDecoder.cs
Outdated
@@ -249,9 +248,9 @@ public void Validate(JwtParts jwt, params byte[][] keys) | |||
{ | |||
_jwtValidator.Validate(decodedPayload, asymmAlg, bytesToSign, decodedSignature); | |||
} | |||
else | |||
else if (algorithm is ISymmetricAlgorithm symmAlg) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we use pattern matching switch/case
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
src/JWT/JwtDecoder.cs
Outdated
{ | ||
ValidSymmetricAlgorithm(keys, decodedPayload, algorithm, bytesToSign, decodedSignature); | ||
_jwtValidator.Validate(keys, decodedPayload, symmAlg, bytesToSign, decodedSignature); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the existing (non-algo specific) method Validate()
still needed then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure...
src/JWT/Jwk/JwtWebKeysCollection.cs
Outdated
|
||
namespace JWT.Jwk | ||
{ | ||
public class JwtWebKeysCollection : IJwtWebKeysCollection |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please seal
all classes not intended to be overridden
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. This class was the only one not sealed.
/// A JWK Set JSON data structure that represents a set of JSON Web Keys | ||
/// specifed by RFC 7517, see https://datatracker.ietf.org/doc/html/rfc7517 | ||
/// </summary> | ||
public sealed class JwtWebKeySet |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does a class need the default ctor decorated with [JsonConstructor]
if it has none?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think, it could be removed. I made it with the same rules as in JwtHeader
:
jwt/src/JWT/Builder/JwtHeader.cs
Line 15 in 7ebbddf
[System.Text.Json.Serialization.JsonConstructor] |
Maybe there is something, I'm not aware about, could you clarify, why we need it in JwtHeader
, please?
hey @CADBIMDeveloper, I'm sorry again, I didn't forget - the tab is permanently open for me. It's just a bit too chaotic at work right now. I'll come back to this PR as soon as I can. |
Description
Based on #488 , adds JWKS support
Breaking changes
None
Checklist