Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rework validation to be less strict #24

Merged
merged 4 commits into from
Mar 11, 2024
Merged

Conversation

MicahParks
Copy link
Owner

@MicahParks MicahParks commented Mar 11, 2024

The purpose of this pull request is to rework validation to be less strict. Specifically for removing reflect.DeepEqual.

Two padding related reasons for this are:

  1. Mandatory leading padding for ECDSA JWK parameters.
  2. A common mistake adding leading padding to RSA JWK parameter "n".

For padding specifically, this project is only comparing integers after they are parsed from Base64 raw URL encoding by default. To turn on strict validation, there will be a new field on jwkset.ValidateOptions named StrictPadding.

An example for 1 would be a bug in this project were mandatory leading padding was absent: #18

An example for 2 would be a Firebase service that was reported to be incompatible with this project: #23

This PR is intended to close #20

@MicahParks MicahParks added the enhancement New feature or request label Mar 11, 2024
@MicahParks MicahParks marked this pull request as ready for review March 11, 2024 22:55
@MicahParks
Copy link
Owner Author

Anyone is encouraged to review.

@MicahParks MicahParks merged commit 7091ac8 into master Mar 11, 2024
@MicahParks MicahParks deleted the validation-less-strict branch March 11, 2024 23:56
renovate bot referenced this pull request in nobl9/nobl9-go Mar 12, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/MicahParks/jwkset](https://togithub.com/MicahParks/jwkset)
| `v0.5.14` -> `v0.5.15` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fMicahParks%2fjwkset/v0.5.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fMicahParks%2fjwkset/v0.5.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fMicahParks%2fjwkset/v0.5.14/v0.5.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fMicahParks%2fjwkset/v0.5.14/v0.5.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[github.com/MicahParks/keyfunc/v3](https://togithub.com/MicahParks/keyfunc)
| `v3.2.8` -> `v3.2.9` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fMicahParks%2fkeyfunc%2fv3/v3.2.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fMicahParks%2fkeyfunc%2fv3/v3.2.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fMicahParks%2fkeyfunc%2fv3/v3.2.8/v3.2.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fMicahParks%2fkeyfunc%2fv3/v3.2.8/v3.2.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>MicahParks/jwkset (github.com/MicahParks/jwkset)</summary>

###
[`v0.5.15`](https://togithub.com/MicahParks/jwkset/releases/tag/v0.5.15):
Less strict validation

[Compare
Source](https://togithub.com/MicahParks/jwkset/compare/v0.5.14...v0.5.15)

The purpose of this release is to use less strict validation for JWK.
This will allow users to work with non-RFC compliant JWK Sets for small
padding mistakes.

Two padding related reasons for this are:

1.  Mandatory leading padding for ECDSA JWK parameters.
2.  A common mistake adding leading padding to RSA JWK parameter "n".

For padding specifically, this project is only comparing integers after
they are parsed from Base64 raw URL encoding by default. To turn on
strict validation, there will be a new field on jwkset.ValidateOptions
named StrictPadding.

An example for `1` would be a bug in this project were mandatory leading
padding was absent:
[https://github.com/MicahParks/jwkset/issues/18](https://togithub.com/MicahParks/jwkset/issues/18)

An example for `2` would be a Firebase service that was reported to be
incompatible with this project:
[https://github.com/MicahParks/jwkset/issues/23](https://togithub.com/MicahParks/jwkset/issues/23)

Relevant issues:

-
[https://github.com/MicahParks/jwkset/issues/23](https://togithub.com/MicahParks/jwkset/issues/23)
-
[https://github.com/MicahParks/jwkset/issues/20](https://togithub.com/MicahParks/jwkset/issues/20)
-
[https://github.com/MicahParks/jwkset/issues/18](https://togithub.com/MicahParks/jwkset/issues/18)

Relevant pull requests:

-
[https://github.com/MicahParks/jwkset/pull/24](https://togithub.com/MicahParks/jwkset/pull/24)

</details>

<details>
<summary>MicahParks/keyfunc (github.com/MicahParks/keyfunc/v3)</summary>

###
[`v3.2.9`](https://togithub.com/MicahParks/keyfunc/compare/v3.2.8...v3.2.9)

[Compare
Source](https://togithub.com/MicahParks/keyfunc/compare/v3.2.8...v3.2.9)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am
every weekday,every weekend" (UTC), Automerge - At any time (no schedule
defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/nobl9/nobl9-go).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIzMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Change how JWK validation works
1 participant