Added JWK and JWKS support #106
Typo in Doc-Block Comment (I suppose)
I have reverted that.
Just as a reminder, I had already implemented this for Vapor 2, but for whatever reason it wasn't ported to Vapor 3. It would be nice if you (@tanner0101) could please incorporate this feature also in the
LGTM
@valeriomazzeo thanks for fixing the merge conflict. Sorry this PR has fallen through the cracks for so long. I'll add this feature to the master branch now 👍
@tanner0101 @siemensikkema it seems this feature has not been ported to v4. Please, tell me I don't have to re-implement this for the 3rd time ...
@valeriomazzeo JWKS support is definitely in there since it's used to verify the Sign In With Apple keys
I have found the related files 🎉 I am now trying to figure out how to port this https://github.com/asensei/vapor-auth-jwt to Vapor 4 - still trying to understand what's redundant from there and what's not.
@0xTim - so I think I got confused because the JWT signers are only local. So I couldn't find where the For my specific case, I think I'd have to implement an equivalent of It really looks like the standard JWT signers should be able to accept a generic JWKS url. I don't see any reason why not. In my implementation I had a generic Thoughts?
@valeriomazzeo the Google and Apple JWKS code looks sufficiently duplicated to warrant something like that. Thoughts @gwynne ?
Absolutely concur - the more generic our handling of data, the better, and we definitely have plenty of low-hanging fruit for de-duplication and additional supported things (key types, well-known token types, algorithms, you name it). Most of the work in question probably belongs in https://github.com/vapor/jwt-kit, though, not just here.
Depends on if we want to add some
I confess to an unforgivable ignorance of the topic 😆. Yeah, we definitely don't want to drag a Vapor dependency down below JWT, that defeats the purpose.
@0xTim - by looking at the dependencies it seems that implementing it in this repo makes more sense. I also had a It was then used by the middleware which was where the signer repository was injected - I suppose that's now called
Yeah I think that's correct
This pull request adds support for JWK and JWKS.
It fixes #87
Note: only RSA keys have been implemented so far.