Allow configuration of URIs in JWT helpers #134
Comments
I think this could be a useful enhancement. If you're happy to do the PR, feel free; otherwise we can add it to the backlog.
Thanks for your reply. I am happy to do the PR.
Of course, the problem is more complicated than I first thought 😉. I see several possibilities to overcome this problem:

```swift
extension Application.JWT {
    public func microsoft(jwksEndpoint: URI) -> Microsoft { ... }
    ...
}
```

This way, we do not have to store the URI. But we would also have to parametrize the microsoft-extension on

```swift
extension Request.JWT {
    public func microsoft(jwksEndpoint: URI) -> Microsoft { ... }
    ...
}
```

For (1) and (2) there is the additional constraint that a user must configure the URI before the applicationIdentifier. Otherwise it would have no effect. Perhaps we could log a warning if this happens, similar to how it is done in If we would go down the road of (3) and parametrize the extensions on Of course there are also other possibilities, such as requiring an explicit initialization of the storage before the first request. But this would then probably break API compatibility. I would love to hear your thoughts on this.
On further reflection, I think the current implementation of setting the

```swift
func testDataRace() throws {
    let app = Application(.testing)
    defer { app.shutdown() }
    let exp = expectation(description: "data race")
    (0...10).forEach { _ in
        DispatchQueue.global().async { app.jwt.microsoft.applicationIdentifier = "" }
    }
    DispatchQueue.global().async { exp.fulfill() }
    waitForExpectations(timeout: 1, handler: nil)
}
```

This produces the expected runtime-issue: However, as mentioned above, in practice this probably isn't a problem, because setting the This leaves us with the options to either (a) expose an I would be happy to help with the implementation if you have a preference.
If you set the app identifier to use
I have created a pull request to solve this issue. It uses a separate Lock to reset the EndpointCache when the URI is modified.
I am facing the problem that I need to specify another URI to get the JWKS for the Microsoft issuer.
It is currently hardcoded to "https://login.microsoftonline.com/common/discovery/keys", but I need the "v2.0"-version at "https://login.microsoftonline.com/common/discovery/v2.0/keys".
The only way that I found to work around this issue is to copy and rename all of the JWT-Microsoft helpers (in `JWT+Microsoft.swift`) and change the URI in the copy. I would prefer it if I could change only the URI without having to copy the whole other logic.
Therefore, I propose to add another public property (e.g. named `jwksEndpoint`) similar to `applicationIdentifier` that can be changed via `app.jwt.microsoft.jwksEndpoint`.
The same could be done for the Apple and Google helpers.
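
The approach discussed in this thread (a settable `jwksEndpoint` guarded by a lock that resets the cached keys when the URI changes), as an added example that is not part of the issue or the pull request. `JWKSEndpointStorage`, `keys(fetch:)` and the stubbed fetch are hypothetical names built on Foundation only, not Vapor's or JWTKit's types.

```swift
import Foundation
import Dispatch

// Hypothetical storage for a configurable JWKS endpoint (not Vapor's types).
final class JWKSEndpointStorage: @unchecked Sendable {
    private let lock = NSLock()
    private var endpoint: URL
    private var cachedKeys: Data?   // key set fetched from `endpoint`
    private var generation = 0      // bumped on every endpoint change

    init(defaultEndpoint: URL) { endpoint = defaultEndpoint }

    var jwksEndpoint: URL {
        get { lock.lock(); defer { lock.unlock() }; return endpoint }
        set {
            lock.lock(); defer { lock.unlock() }
            guard newValue != endpoint else { return }
            endpoint = newValue
            cachedKeys = nil        // keys from the old URI must not be reused
            generation += 1
        }
    }

    // Returns the cached key set, or fetches it from the current endpoint.
    // The fetch runs outside the lock; a result that raced with an endpoint
    // change is returned to this caller but not cached.
    func keys(fetch: (URL) throws -> Data) rethrows -> Data {
        lock.lock()
        if let cached = cachedKeys { lock.unlock(); return cached }
        let (url, gen) = (endpoint, generation)
        lock.unlock()
        let fresh = try fetch(url)
        lock.lock(); defer { lock.unlock() }
        if gen == generation { cachedKeys = fresh }
        return fresh
    }
}

// Demo with the two URIs from the issue and a constructed stub instead of HTTP.
let v1 = URL(string: "https://login.microsoftonline.com/common/discovery/keys")!
let v2 = URL(string: "https://login.microsoftonline.com/common/discovery/v2.0/keys")!
let storage = JWKSEndpointStorage(defaultEndpoint: v1)
let stubFetch: (URL) -> Data = { Data($0.absoluteString.utf8) }  // "keys" = URL bytes
_ = storage.keys(fetch: stubFetch)                               // caches the v1 key set
DispatchQueue.concurrentPerform(iterations: 10) { _ in storage.jwksEndpoint = v2 }
print(String(decoding: storage.keys(fetch: stubFetch), as: UTF8.self))
```

Without the cache reset in the setter, the final call would still return the key set fetched from the first URI, so tokens would be checked against keys from an endpoint that is no longer configured.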