Added JWK and JWKS support #106

Merged
merged 3 commits into from Oct 23, 2019

valeriomazzeo
Contributor

This pull request adds support for JWK and JWKS.
It fixes #87

Note: only RSA keys have been implemented so far.

This was referenced Oct 23, 2019
@valeriomazzeo
Contributor Author

I have reverted that master merge. This is the PR as it was originally intended for Vapor 3 vapor/jwt-kit#106.

Just as a reminder I had already implemented this for Vapor 2, but for whatever reason it wasn't ported to Vapor 3.

It would be nice if you (@tanner0101) could please incorporate this feature also in the master branch, for Vapor 4. Otherwise I will have to re-implement it once again :(

@tanner0101 tanner0101 added the enhancement (New feature or request) label Oct 23, 2019
@tanner0101 tanner0101 added this to In Progress in Vapor 4 via automation Oct 23, 2019
Member

@tanner0101 tanner0101 left a comment

LGTM

@tanner0101
Member

@valeriomazzeo thanks for fixing the merge conflict. Sorry this PR has fallen through the cracks for so long. I'll add this feature to the master branch now 👍

@tanner0101 tanner0101 merged commit 0debb7f into vapor:3 Oct 23, 2019
Vapor 4 automation moved this from In Progress to Done Oct 23, 2019
@valeriomazzeo valeriomazzeo deleted the feature/jwk branch October 23, 2019 15:01
@valeriomazzeo
Contributor Author

@tanner0101 @siemensikkema it seems this feature has not been ported to v4.

Please, tell me I don't have to re-implement this for the 3rd time ...

@0xTim
Member

0xTim commented May 6, 2020

@valeriomazzeo JWKS support is definitely in there since it's used to verify the Sign In With Apple keys

@valeriomazzeo
Contributor Author

I have found the related files 🎉

I am now trying to figure out how to port this https://github.com/asensei/vapor-auth-jwt to Vapor 4 - still trying to understand what's redundant from there and what's not.

@valeriomazzeo
Contributor Author

valeriomazzeo commented May 6, 2020

@0xTim - so I think I got confused because the JWT signers are only local. So I couldn't find where the JWKS url was injected.

For my specific case, I think I'd have to implement an equivalent of JWT+Apple.swift in JWT+JWKS.swift.

It really looks like the standard JWT signers should be able to accept a generic JWKS url. I don't see any reason why not.

In my implementation I had a generic JWKSSignerRepository and all it needed was the JWKS url.

Thoughts?

@0xTim
Member

0xTim commented May 7, 2020

@valeriomazzeo the Google and Apple JWKS code looks sufficiently duplicated to warrant something like that. Thoughts @gwynne ?

@gwynne
Member

gwynne commented May 7, 2020

Absolutely concur - the more generic our handling of data, the better, and we definitely have plenty of low-hanging fruit for de-duplication and additional supported things (key types, well-known token types, algorithms, you name it).

Most of the work in question probably belongs in https://github.com/vapor/jwt-kit, though, not just here.

@0xTim
Member

0xTim commented May 7, 2020

Depends on if we want to add some Client knowledge to JWT-Kit

@gwynne
Member

gwynne commented May 7, 2020

I confess to an unforgivable ignorance of the topic 😆. Yeah, we definitely don't want to drag a Vapor dependency down below JWT, that defeats the purpose.

@valeriomazzeo
Contributor Author

valeriomazzeo commented May 7, 2020

@0xTim - by looking at the dependencies it seems that implementing it in this repo makes more sense.

I also had a cacheMinTTL setting in my implementation.

It was then used by the middleware which was where the signer repository was injected - I suppose that's now called Authenticator?

@0xTim
Member

0xTim commented May 11, 2020

Yeah I think that's correct

5 participants