Preparations for version 2.x #49
JWT, JWS, JWA logic should be represented in separate modules. Added new pending tests for each module. Update travis configuration. Dropped support for jruby and rbx for now. Added some more configuration options for travis. Renamed spec/helper to spec/spec_helper. All tests now load the modules by relative path. Added empty JWA and JWS modules.
Dropping ruby mri 1.8 support due to the missing require_relative support. Adding codeclimate test reporter gem. Update spec/spec_helper configuration.
Add first HMAC functionality to JWA.
Make rspec tests more readable. Add missing bit to description for HMAC rspec test cases.
Add basic support for RSA-SHA functionality. Add bin/prepare-test.sh file. Generates certificates required for running the tests. Update .gitignore file. Update .travis.yml file.
ECDSA cannot be implemented without fixing the following bug in the ruby openssl libs: https://bugs.ruby-lang.org/issues/5600
Add simple plain verification and signing functions. Uncomment and disable ecdsa features.
Drop old code. Reformat code. Drop current code. Add first specs to cover simple HS256 decoding and encoding.
See: JSON Web Algorithms (only for digital signatures) https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-38#section-3
Extend JWA HMAC logic, add sign/verify basic logic and tests. Break tests by removing padding from base64 encoded strings. TODO: Implement padding handling for base64 strings in order to be compatible with the JOSE JWT/JWS/JWA specs.
Add JWA::NONE for plain JWT. Update JWT to integrate JWA.
# But with some leeway, it will still validate | ||
JWT.decode(jwt_payload, 'secret', true, leeway=10) | ||
```ruby | ||
jwt_payload = JWT.encode({'exp': Time.now.to_i + 30}, 'secret') |
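Review bot: In the `JWT.decode(jwt_payload, 'secret', true, leeway=10)` line, `leeway=10` is not a keyword argument in Ruby. It assigns a local variable named `leeway` and passes the integer 10 as a fourth positional argument, so the example only works if `decode` takes leeway positionally. If the option is meant to be named, write it as `leeway: 10` (options hash). In the `JWT.encode` line, the `{'exp': ...}` form with a quoted key followed by a colon is only parsed by Ruby 2.2 and later, and it produces the symbol key `:exp`, not the string `'exp'`. Use `{ exp: ... }` or `{ 'exp' => ... }` so the README example runs on every Ruby version the gem still supports and the key type is unambiguous.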
Maybe I'm just nitpicking here but in the code blocks throughout the README you're using different hash syntaxes, double and single quotes etc.
Since Ruby 1.8 is removed in that PR how about replacing all of these with the short notation?
(e.g. `{ exp: Time.now.to_i }`)
That's right. I will change this and update the PR.
Done. :)
Change examples to use the current hash syntax since ruby 1.8 is dropped in version 2.x.
I think it is time to clean up the single module behavior of the jwt gem to keep up with the specs of JWT and the underlying specs (JWS, JWE, JWA, JWK). As a result the gem should match at least the JWT specifications for the signing of JSON Web Tokens. Encryption may be another goal too, but I think it shouldn't be the main approach.
The code is not complete yet. I'd like to get feedback or a code review for the current code base and maybe we can add a milestone and figure out what should be implemented in the version 2.x branch.
What I've done so far:
Goals: