nodebb-plugin-session-sharing icon indicating copy to clipboard operation
nodebb-plugin-session-sharing copied to clipboard

Published 20 hours ago verified publisher icon julianlam

Allowing JWE aswell as JWT tokens

Open uplift opened this issue 6 years ago • 4 comments

In my quest to bring our custom version of this project inline with the official release, I have one more task to make them the same.

Our payload cookie is currently encoded using JWE tokens instead of basic JWT. Would it be possible to add a config in the Admin Setting page that allows the switch to JWE encryption?

uplift avatar Nov 21 '18 14:11 uplift

Would that require a new dependency? It doesn't look like jsonwebtoken supports JWE. If so, do you have a recommended module?

julianlam avatar Nov 29 '18 17:11 julianlam

Yes it would. We currently use https://github.com/cisco/node-jose

uplift avatar Nov 29 '18 17:11 uplift

@uplift If I am reading this correctly, we would be removing our dependency on node-jsonwebtoken and instead use node-jose, is that right?

Seems like a fairly major operation, and wouldn't be backwards compatible with pre-existing installs, unless node-jose can produce a JWS (which is what node-jsonwebtoken currently outputs)

julianlam avatar Jul 05 '19 20:07 julianlam

Hi @julianlam. I am curious if it's possible to add this feature as well.

This library https://github.com/panva/jose seems potentially more widely used than the one mentioned above and can produce a JWS for backwards compatibility.

It would also allow for different signing algorithms as requested in issue #31.

I'm not an expert on JWT's or nodebb but I'd be willing to help if you're interested.

sl354207 avatar Apr 10 '23 19:04 sl354207