meilisearch-swift icon indicating copy to clipboard operation
meilisearch-swift copied to clipboard

Published 20 hours ago verified publisher icon meilisearch

generateTenantToken issue related to the JWTKit dependency

Open brunoocasali opened this issue 3 years ago • 4 comments
trafficstars

I made a huge mistake when I choose vapor/jwt-kit to implement the generate tenant token method changes from Meilisearch version v0.26. It was apparently a good choice, but I discover the problem after trying to publish it.

Vapor JWTKit seemed to be the best choice out there because it had a simple and powerful protocol API and is still maintainable if we compare this package with others like: https://github.com/kylef/JSONWebToken.swift (they seem to be abandoned).

Problem:

Vapor JWTKit has only support for SPM and has no support for CocoaPods (they even have an open issue https://github.com/vapor/jwt-kit/issues/47).

The major issue I'm facing now is what we should do now:

  • Remove JWTKit and do the token generation by hand?
  • Stop publishing to CocoaPods?
  • Remove JWTKit and find another open-source solution out there?
  • Fork Vapor JWTKit and add the support for CocoaPods ourselves?

Planned actions:

  • [x] Open this issue explaining the whole situation.
  • [x] Remove attempts to release a new version 0.14.0 (both Github release and tag, since they are not working).
  • [x] Remove the version 0.14.0 from any other file mentioning it #299
  • [x] Add the pod spec lint into the Github Action CI to prevent problems like this from happening again https://github.com/meilisearch/meilisearch-swift/pull/298.
  • [x] Remove/Revert the code responsible to do the tenant token generation because it is blocking new releases now https://github.com/meilisearch/meilisearch-swift/pull/297.
  • [ ] Apply one of the solutions proposed above, to fix the generateTenantToken method.
  • [ ] After the removal of the broken generateTenantToken, release a new version.

brunoocasali avatar May 08 '22 15:05 brunoocasali

For future readers: I opted to remove the tag/release because they were just an attempt to release, and I think this would be harmless for the users. Sorry for the inconvenience. If you have any trouble with this, please open an issue :)

brunoocasali avatar May 08 '22 15:05 brunoocasali

We opted to wait for users needing this special helper before choosing the best option. Meanwhile, if some users are in an environment that do support jwt-kit you can import the library and create the tokens with the library. Here is a pseudo-code and the guide to help you along. Please mention you are interested in this feature if you do (even if you use the third party library yourself)!

bidoubiwa avatar May 16 '22 09:05 bidoubiwa

@brunoocasali I would do what @bidoubiwa suggested. Abstract the implementation and leave the user to decide how to use jwt-kit. The less dependencies in the project the better.

ppamorim avatar May 31 '22 12:05 ppamorim

Can you enlighten me more about how do think it could be done here?

brunoocasali avatar Jun 06 '22 21:06 brunoocasali