Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enable detached payloads for JWS #126

Merged
merged 2 commits into from
Aug 19, 2020
Merged

feat: enable detached payloads for JWS #126

merged 2 commits into from
Aug 19, 2020

Conversation

oed
Copy link
Contributor

@oed oed commented Aug 18, 2020

This PR enables a caller of createJWS to pass an base64url encoded payload directly. This is useful when you need to sign something that isn't a JSON object.

mirceanis
mirceanis requested changes Aug 19, 2020
View reviewed changes
Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks great but it needs some new tests.

  • decodeJWS works as expected with a JWS input and fails as expected with garbage input
  • createJWS works with both JSON payload and string payload (not sure if the method should fail when given an array as payload)

@oed
Copy link
Contributor Author

oed commented Aug 19, 2020

Thanks @mirceanis I'll add the tests!

(not sure if the method should fail when given an array as payload)

I don't see why it should as that would be valid JSON.

@mirceanis
Copy link
Member

I don't see why it should as that would be valid JSON.

I can't find a concrete reference about the JSON payload of JWT but since the RFC talks about claims in the payload that can only happen if the payload is an object, not an array.

With this changeset, I suppose that typescript would complain if you tried to call the method with an array, or number instead of an object(because of Record<string, any>) which doesn't happen when you call it from javascript.
Having an explicit check for non-object types would make this more consistent, but I'm not sure if the JWT RFC agrees with this type of check.

@oed
Copy link
Contributor Author

oed commented Aug 19, 2020

In that case it seems like the check should be in the createJWT method and not the createJWS methods as JWS allows for an arbitrary payload.

@oed
Copy link
Contributor Author

oed commented Aug 19, 2020

That also seems out of scope for this PR?

@oed
Copy link
Contributor Author

oed commented Aug 19, 2020

Pushed an update with tests.

@mirceanis
Copy link
Member

mirceanis commented Aug 19, 2020
edited
Loading

That also seems out of scope for this PR?

Yes, I was only pointing it out because of that new corner case inconsistency.
I see you removed the inconsistency so it's good now.

mirceanis
mirceanis approved these changes Aug 19, 2020
View reviewed changes
Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@mirceanis mirceanis merged commit 5573e63 into decentralized-identity:master Aug 19, 2020
uport-automation-bot pushed a commit that referenced this pull request Aug 19, 2020
@semantic-release-bot
chore(release): 4.5.0 [skip ci]
5ff3506 
# [4.5.0](4.4.2...4.5.0) (2020-08-19)

### Features

* enable arbitrary payloads for JWS ([#126](#126)) ([5573e63](5573e63))
@uport-automation-bot
Copy link
Collaborator

🎉 This PR is included in version 4.5.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@oed
Copy link
Contributor Author

oed commented Aug 19, 2020

Thanks 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mirceanis mirceanis mirceanis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oed @mirceanis @uport-automation-bot