Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(chore): Add JWT Decoder and Signature Verifier #1204

Merged
merged 8 commits into from
Mar 30, 2021
Merged

(chore): Add JWT Decoder and Signature Verifier #1204

merged 8 commits into from
Mar 30, 2021

Conversation

lahirumaramba
Copy link
Member

  • Refactoring verify token take 2
  • Add JWT Decoder class
hiranya911
hiranya911 suggested changes Mar 22, 2021
View reviewed changes
Copy link
Contributor

@hiranya911 hiranya911 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs a bit more work in terms of getting the abstractions right. I've proposed some ideas. PTAL.
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
hiranya911
hiranya911 suggested changes Mar 24, 2021
View reviewed changes
Copy link
Contributor

@hiranya911 hiranya911 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall approach and design is correct. I found a bunch of nits that can be cleaned up. I haven't looked at all the error handling bits yet. I'll get to that in the next round.
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-decoder.ts Outdated Show resolved Hide resolved
src/utils/jwt-signature-verifier.ts Outdated Show resolved Hide resolved
src/utils/jwt-signature-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
@lahirumaramba lahirumaramba marked this pull request as ready for review March 24, 2021 22:05
@lahirumaramba lahirumaramba changed the title (chore): Add JWT Decoder Mar 24, 2021
@lahirumaramba lahirumaramba changed the title (chore): Add JWT Decoder and Signature Verifiers Mar 24, 2021
hiranya911
hiranya911 suggested changes Mar 24, 2021
View reviewed changes
Copy link
Contributor

@hiranya911 hiranya911 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing all the feedback. Looks pretty good! Few more things to revise and we are good to go.
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated
const publicKeysStillValid = (publicKeysExpiredExists && Date.now() < this.publicKeysExpireAt);
if (publicKeysExist && publicKeysStillValid) {
return Promise.resolve(this.publicKeys);
if (!(error instanceof JwtError)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious as to what other error conditions can pop up here. Can we guarantee that this API only ever sees JwtError instances?
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We throw HttpError from KeyFetcher (if the fetcher is used directly without the getKey callback) and Error types for value errors.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we don't call that API directly, I think that case can never occur right? We will only see JwtError here.
src/utils/jwt.ts Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
@lahirumaramba lahirumaramba mentioned this pull request Mar 24, 2021
Closed
hiranya911
hiranya911 reviewed Mar 24, 2021
View reviewed changes
src/utils/jwt.ts Outdated Show resolved Hide resolved
lahirumaramba
lahirumaramba commented Mar 25, 2021
View reviewed changes
Copy link
Member Author

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the feedback!!
Updated the PR.
I removed the algorithm parameter from the API and updated the unit tests to reflect that change.
I will follow up with another update to add unit tests for the new components. Thanks!
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated
const publicKeysStillValid = (publicKeysExpiredExists && Date.now() < this.publicKeysExpireAt);
if (publicKeysExist && publicKeysStillValid) {
return Promise.resolve(this.publicKeys);
if (!(error instanceof JwtError)) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We throw HttpError from KeyFetcher (if the fetcher is used directly without the getKey callback) and Error types for value errors.
hiranya911
hiranya911 approved these changes Mar 25, 2021
View reviewed changes
Copy link
Contributor

@hiranya911 hiranya911 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm at an LGTM with a few open comments/suggestions.
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/utils/jwt.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated
const publicKeysStillValid = (publicKeysExpiredExists && Date.now() < this.publicKeysExpireAt);
if (publicKeysExist && publicKeysStillValid) {
return Promise.resolve(this.publicKeys);
if (!(error instanceof JwtError)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we don't call that API directly, I think that case can never occur right? We will only see JwtError here.
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
This was referenced Jun 20, 2024
Open
Open
Open
Open
@davidhin davidhin mentioned this pull request Jul 6, 2024
Open
This was referenced Jul 17, 2024
Open
Open
This was referenced Jul 27, 2024
Open
Open
Open
Open
This was referenced Aug 10, 2024
Open
Open
This was referenced Aug 17, 2024
Open
Open
Open
Open
Open
This was referenced Aug 28, 2024
Open
Open
This was referenced Sep 5, 2024
Open
Open
This was referenced Sep 24, 2024
Open
Open
Open
Open
Open
This was referenced Oct 26, 2024
Open
Open
@davidhin davidhin mentioned this pull request Nov 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants
@lahirumaramba @hiranya911