Added support for JSON Web key sets #489
Conversation
|
Привет, @abatishchev, It's currently far away from fully ready, anyway, take a look please. Would like to hear from you, if you agree or not about namespaces, naming and the approach itself |
|
Александр, @abatishchev, do I need to add/fix something here? Ping :-) |
|
Thank you so much for your contribution! It's a lot and more than I expected. Please allow me some time to review it. Will do :) |
abatishchev
changed the title
|
My sincere apologies! It felt through the cracks of my memory, but now it's back and I'll review the changes as part of the upcoming major version release. Once again, thanks for your contribution! |
with an ability to search keys by ids
to create an algorithms based on JSON Web key sets
to jwt validator
to make a decoder with JWKS
JSON Web key
|
hey @CADBIMDeveloper, I'm back to the PR, as promised :) can you please check why all tests are failing? and rebase on the latest main please too. |
|
Hey @abatishchev , Hypothesis: You've removed |
|
Yeah, it was removed in #497, the .NET team has confirmed that it's better not to reference it until strictly necessary, e.g. in lower target frameworks which don't ship it within |
|
Hey @abatishchev , it's working now :-) |
| @@ -5,16 +5,28 @@ namespace JWT.Algorithms | |||
| /// <inheritdoc /> | |||
| public class HMACSHAAlgorithmFactory : JwtAlgorithmFactory | |||
| { | |||
| private readonly byte[] _key; | |||
|
|
|||
| public HMACSHAAlgorithmFactory() | |||
There was a problem hiding this comment.
Why do all classes need an empty ctor? Both the algos and the factories?
There was a problem hiding this comment.
I didn't want to introduce breaking changes for the user code like:
JwtBuilder.Create().WithAlgorithm(...)...;
JwtBuilder.Create().WithAlgorithm(...).WithSecret(...).Encode(...);
JwtBuilder.Create().WithAlgorithmFactory(...)...;I can remove empty ctors if you want to
| } | ||
| } | ||
|
|
||
| private static char DecodeCharacter(char ch) |
There was a problem hiding this comment.
Is this a good name for this method?
There was a problem hiding this comment.
To be honest, I took it from Microsoft.AspNetCore.WebUtilities.WebEncoders and didn't pay a lot of attention to it. Will it be okay for you, if I rename it to Transform(char symbol)?
| @@ -0,0 +1,6 @@ | |||
| namespace JWT.Jwk; | |||
There was a problem hiding this comment.
Please convert implicit namespace into explicit (here and elsewhere too), for the consistency of the codebase
There was a problem hiding this comment.
Oops. sorry. This is the only place with implicit namespace (my bad, miss it). Fixed
src/JWT/Jwk/JwtWebKeysCollection.cs
Outdated
| } | ||
|
|
||
| public JwtWebKey Find(string keyId) | ||
| { |
There was a problem hiding this comment.
nit: use the => syntax for one-line methods
src/JWT/Jwk/JwtWebKeysCollection.cs
Outdated
|
|
||
| public JwtWebKeysCollection(JwtWebKeySet keySet) : this(keySet.Keys) | ||
| { | ||
|
|
There was a problem hiding this comment.
nit: remove line breaks from empty methods/ctors
src/JWT/JwtDecoder.cs
Outdated
| @@ -249,9 +248,9 @@ public void Validate(JwtParts jwt, params byte[][] keys) | |||
| { | |||
| _jwtValidator.Validate(decodedPayload, asymmAlg, bytesToSign, decodedSignature); | |||
| } | |||
| else | |||
| else if (algorithm is ISymmetricAlgorithm symmAlg) | |||
There was a problem hiding this comment.
Should we use pattern matching switch/case here?
src/JWT/JwtDecoder.cs
Outdated
| { | ||
| ValidSymmetricAlgorithm(keys, decodedPayload, algorithm, bytesToSign, decodedSignature); | ||
| _jwtValidator.Validate(keys, decodedPayload, symmAlg, bytesToSign, decodedSignature); |
There was a problem hiding this comment.
Is the existing (non-algo specific) method Validate() still needed then?
src/JWT/Jwk/JwtWebKeysCollection.cs
Outdated
|
|
||
| namespace JWT.Jwk | ||
| { | ||
| public class JwtWebKeysCollection : IJwtWebKeysCollection |
There was a problem hiding this comment.
Please seal all classes not intended to be overridden
There was a problem hiding this comment.
Fixed. This class was the only one not sealed.
| /// A JWK Set JSON data structure that represents a set of JSON Web Keys | ||
| /// specifed by RFC 7517, see https://datatracker.ietf.org/doc/html/rfc7517 | ||
| /// </summary> | ||
| public sealed class JwtWebKeySet |
There was a problem hiding this comment.
Does a class need the default ctor decorated with [JsonConstructor] if it has none?
There was a problem hiding this comment.
I think, it could be removed. I made it with the same rules as in JwtHeader:
jwt/src/JWT/Builder/JwtHeader.cs
Line 15 in 7ebbddf
Maybe there is something, I'm not aware about, could you clarify, why we need it in JwtHeader, please?
|
hey @CADBIMDeveloper, I'm sorry again, I didn't forget - the tab is permanently open for me. It's just a bit too chaotic at work right now. I'll come back to this PR as soon as I can. |
Description
Based on #488 , adds JWKS support
Breaking changes
None
Checklist