ruby-jwt
Ability to extend JWT encoding and decoding behaviour
This is a second attempt at making it possible to extend the token decoding/encoding behaviour. First version of the same idea in #434.
For example to support deflating the payload after verification as discussed in #428
Rough example on how it works
```ruby
class MyJWTHandler
  include ::JWT

  algorithm 'ES256'

  jwk_resolver do |_options|
    # Load JWKs from trusted source
  end

  signing_key es256_private_key

  # Custom payload serialization used when encoding a token
  encode_payload do |payload|
    ::Base64.urlsafe_encode64(::JWT::JSON.generate(payload), padding: true)
  end

  # Custom payload deserialization used when decoding a token
  decode_payload do |raw_payload|
    ::JWT::JSON.parse(::Base64.urlsafe_decode64(raw_payload))
  end
end
```
Focus now was on the decoding/encoding and signing of the token. The mechanics could be extended to claims etc.
I'm going to refine this a little bit more. Not super happy with the methods for setting the signing keys.
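The use case named above, inflating a deflated payload only after verification (#428), as an added example that is not part of the original PR or of ruby-jwt: the signature is checked over the raw segments before anything is decompressed, and inflation is capped so that even a correctly signed token cannot expand without bound. `DeflatedJWT`, its methods, HS256 (instead of the PR's ES256, to stay within the standard library), the `zip` header value and the 64 KiB cap are all assumptions made for the illustration.

```ruby
require 'openssl'
require 'zlib'
require 'json'

# Added illustration: every name here is hypothetical, not ruby-jwt API.
module DeflatedJWT
  VerificationError = Class.new(StandardError)
  PayloadTooLarge   = Class.new(StandardError)
  MAX_INFLATED      = 64 * 1024 # assumed cap on the inflated payload, in bytes
  module_function

  def b64u(bin)
    [bin].pack('m0').tr('+/', '-_').delete('=')
  end
  def unb64u(str)
    (str.tr('-_', '+/') + '=' * ((4 - str.size % 4) % 4)).unpack1('m0')
  end
  def sign(input, key)
    OpenSSL::HMAC.digest('SHA256', key, input)
  end

  def encode(payload, key)
    header = b64u(JSON.generate('alg' => 'HS256', 'zip' => 'DEF'))
    body   = b64u(Zlib::Deflate.deflate(JSON.generate(payload)))
    input  = "#{header}.#{body}"
    "#{input}.#{b64u(sign(input, key))}"
  end

  # Inflate chunk by chunk and stop as soon as the output passes the cap.
  def inflate_bounded(data, limit = MAX_INFLATED)
    zi = Zlib::Inflate.new
    out = String.new
    zi.inflate(data) do |chunk|
      out << chunk
      raise PayloadTooLarge, "payload exceeds #{limit} bytes" if out.bytesize > limit
    end
    out
  ensure
    zi&.close
  end

  def decode(token, key)
    parts = token.split('.', -1)
    raise VerificationError, 'malformed token' unless parts.size == 3
    # Verify over the raw segments first; nothing is inflated or parsed before this.
    valid = OpenSSL.secure_compare(sign(parts[0, 2].join('.'), key), unb64u(parts[2]))
    raise VerificationError, 'signature mismatch' unless valid
    JSON.parse(inflate_bounded(unb64u(parts[1])))
  end
end
```

A token whose body was swapped for a highly compressible blob fails with `VerificationError` before any decompression runs, while a validly signed but oversized payload fails with `PayloadTooLarge`.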
SourceLevel has finished reviewing this Pull Request and has found:
- 6 possible new issues (including those that may have been commented here).
- 48 fixed issues! 🎉
This PR grew pretty big. Sorry for that. The implementation gathered over the years turned out to be a little hard to extend.
The changes to the old parts of the gem are mostly to support the new DSL, with the goal to not break the behaviour of ::JWT.encode and ::JWT.decode.
The internal classes ::JWT::Decode and ::JWT::Encode have breaking changes in their initializers, I guess that is OK.
Would very much appreciate any feedback on the direction of this.
I'm going to close this one and yet again try to tackle issues one by one.
First up is this #510