Allow configuration of the algorithm to be used for encoding/decoding #19
Conversation
|
@hrakotobe thanks for your work on that. I'm ok with it. Having the option of configuring the algorithm makes a lot of sense. But, just out of curiosity, why do you need to use an asymmetric algorithm? Usually this gem is used in a server which acts both as identity provider and resource provider. Do you have any other actor who needs to verify the token signature? In terms of robustness, if I'm not wrong, there is no difference between HS256 & RS256. You could have more security with HS512 while keeping things symmetric. About the implementation, I think everything is perfect in the library code. However, I think there is no need to change anything in the test suite. It is just a setting to allow other kind of algorithms, which are all tested in |
hrakotobe
force-pushed
the
allow-algorithm-override
branch
from
7423c27 to
643754e
Compare
|
@waiting-for-dev thanks for looking at it. For the tests, ok, that makes sense. I removed them. |
|
Could you just rename again |
hrakotobe
force-pushed
the
allow-algorithm-override
branch
from
643754e to
9671531
Compare
|
It seems there is a configuration conflict on the code style checking between Reek and Rubocop. https://travis-ci.org/waiting-for-dev/warden-jwt_auth/jobs/565924531#L649 https://travis-ci.org/waiting-for-dev/warden-jwt_auth/jobs/566357274 |
|
Thanks @hrakotobe for your great work on this. I merged it and released as v0.4.0. If you are using devise-jwt, you'll need v0.6.0. |
Allow the use of different signing algorithm when encoding/decoding JWTs.
HS256 is currently hard coded for the encoding and decoding of the token.
This is a proposition to allow overriding the default and specify more robust (in particular RS256) algorithms.
Please tell me if there is any coding style/formatting issues or comment on this approach.