jsonwebtoken icon indicating copy to clipboard operation
jsonwebtoken copied to clipboard
verified publisher icon Keats

Would it be possible to make DecodingKey more test friendly?

Open tkrause opened this issue 3 years ago • 2 comments

Currently DecodingKey::as_bytes is crate public which means you can't even get the secret out of the DecodingKey that you originally put in.

Additionally it does not implement Debug or PartialEq so once you create a DecodingKey you cannot compare for testing purposes ever. This is really a pain point if you're trying to test your decoding logic to support many algorithms and keys using JWK as well as static secrets.

DecodingKey should really implement the std::cmp::PartialEq interface at the very least.

A similar issue exists with Algorithm where you have to resort to matching in order to implement Debug on types using it. Ideally the library would handle this case as well converting Algorithm back to a string.

tkrause avatar Nov 24 '22 20:11 tkrause

We can implement PartialEq but if we implement a Debug it should be a custom implementation that just prints the algorithm and not the data contained in it to avoid accidental dump of secrets in logs.

Keats avatar Nov 25 '22 11:11 Keats

Let's not implement PartialEq actually, only a custom Debug: https://github.com/Keats/jsonwebtoken/issues/220

Keats avatar Nov 28 '22 17:11 Keats