Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to Microsoft.IdentityModel.JsonWebTokens package #7269

Merged
merged 2 commits into from
Jul 18, 2024
Merged

Switch to Microsoft.IdentityModel.JsonWebTokens package #7269

merged 2 commits into from
Jul 18, 2024

Conversation

rubo
Copy link
Contributor

@rubo rubo commented Jul 17, 2024
edited
Loading

Changes

Replaced the System.IdentityModel.Tokens.Jwt package with Microsoft.IdentityModel.JsonWebTokens as recommended by Microsoft:

As of IdentityModel 7x, this is a legacy tool that should be replaced with Microsoft.IdentityModel.JsonWebTokens.

For the Nethermind client, the replaced package is no longer needed after #7177.

Types of changes

What types of changes does your code introduce?

  • Bugfix (a non-breaking change that fixes an issue)
  • New feature (a non-breaking change that adds functionality)
  • Breaking change (a change that causes existing functionality not to work as expected)
  • Optimization
  • Refactoring
  • Documentation update
  • Build-related changes
  • Other: Description

Testing

Requires testing

  • Yes
  • No

If yes, did you write tests?

  • Yes
  • No

@rubo rubo requested review from LukaszRozmej and emlautarom1 July 17, 2024 21:05
LukaszRozmej
LukaszRozmej approved these changes Jul 18, 2024
View reviewed changes
tools/Nethermind.Tools.Kute/Auth/JwtAuth.cs Outdated
return handler.CreateToken(new SecurityTokenDescriptor
{
IssuedAt = _clock.UtcNow.UtcDateTime,
SigningCredentials = new(new SymmetricSecurityKey(_secret), SecurityAlgorithms.HmacSha256)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we cache SymmetricSecurityKey instance?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried not to make any other changes but replace the API as I don't know much about Kute. But the suggested change is small enough, so applied in the commit below.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be no need for caching since we're already caching the JWT generation. By default, this code will be executed once per minute.

@rubo rubo merged commit f6eb084 into master Jul 18, 2024
68 checks passed
@rubo rubo deleted the feature/replace-jwt-package branch July 18, 2024 15:26
emlautarom1
emlautarom1 reviewed Jul 18, 2024
View reviewed changes
tools/Nethermind.Tools.Kute/Auth/JwtAuth.cs
}

private string GenerateAuthToken()
{
var signingKey = new SymmetricSecurityKey(_secret);
var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
var claims = new[] { new Claim(JwtRegisteredClaimNames.Iat, _clock.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64) };
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might be reintroducing #6936. @stdevMac please check again with Reth or by following that PR discussion.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's failing to compile:

MSBuild version 17.8.5+b5265ef37 for .NET
  Determining projects to restore...
  Restored /root/nethermind/tools/Nethermind.Tools.Kute/Nethermind.Tools.Kute.csproj (in 3.61 sec).
/root/nethermind/tools/Nethermind.Tools.Kute/JsonRpcMethodFilter/ComposedJsonRpcMethodFilter.cs(18,18): error CS1061: 'IEnumerable<IJsonRpcMethodFilter>' does not contain a definition for 'IsNullOrEmpty' and no accessible extension method 'IsNullOrEmpty' accepting a first argument of type 'IEnumerable<IJsonRpcMethodFilter>' could be found (are you missing a using directive or an assembly reference?) [/root/nethermind/tools/Nethermind.Tools.Kute/Nethermind.Tools.Kute.csproj]

Build FAILED.

/root/nethermind/tools/Nethermind.Tools.Kute/JsonRpcMethodFilter/ComposedJsonRpcMethodFilter.cs(18,18): error CS1061: 'IEnumerable<IJsonRpcMethodFilter>' does not contain a definition for 'IsNullOrEmpty' and no accessible extension method 'IsNullOrEmpty' accepting a first argument of type 'IEnumerable<IJsonRpcMethodFilter>' could be found (are you missing a using directive or an assembly reference?) [/root/nethermind/tools/Nethermind.Tools.Kute/Nethermind.Tools.Kute.csproj]

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@emlautarom1 The updated code has been tested to ensure it generates the same token as it was with the replaced package.

@rubo rubo mentioned this pull request Jul 18, 2024
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stdevMac stdevMac stdevMac left review comments

@emlautarom1 emlautarom1 emlautarom1 left review comments

@LukaszRozmej LukaszRozmej LukaszRozmej approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rubo @LukaszRozmej @emlautarom1 @stdevMac