Introduced Policies to override Timestamp checking #241
Conversation
There was a problem hiding this comment.
This looks good and is a good first pass at #239.
Please take a moment to comment on that too if you have opinions about it. IMO, using a now parameter for the policy to represent the timestamp at which the JWT should be valid is also a good way to override some timestamp checks, with a more precise intention, and these 2 methods don't exclude each other.. one can specify a now and also disable a nbf check in the same policy.
Regarding this PR, there are some linter errors which should be easy to fix. Please run yarn lint --fix and commit the changes.
|
@mirceanis |
# [6.4.0](6.3.0...6.4.0) (2022-08-12) ### Features * add JWT verification policies to override timestamp checking ([#241](#241)) ([2934f4c](2934f4c))
|
🎉 This PR is included in version 6.4.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Pull Request to Introduce Policies for VerifyJWT
Description
This merge requests introduces a new interface in the JWT.ts module which JWTVerifyPolicies. The policies at the moment are only restricted to timestamps, but can be further expanded upon to serve better. The JWTVerifyPolicies are made a part of VerifyJWTOptions defined as
policies. These policies are used to be able to override a certain checks that are made in the VerifyJWT command. It is not a breaking change but an extension to the current implementation.Policies
The checks for these policies will not me made only and only if they are explicitly stated to be
Tests
Further tests were added to the JWT.test.ts to check whether the implemented policies were properly allowing the presentation to verify in case of a failure and the policy was made to be overridden. The following cases are covered: