easy icon indicating copy to clipboard operation
easy copied to clipboard
verified publisher icon thisisagile

feat(easy): Make Jwt class universal.

Open franferdez opened this issue 1 year ago • 2 comments

In order for easy to work on react-native we need to replace jsonwebtoken and loose the signing capabilities which is dependant on node crypto for a universal alternative in order to decode in all environments.

franferdez avatar May 01 '24 16:05 franferdez

This is a breaking change and an alternative to the signing should be provided.

To get easy to work in react-native, we've previously patched out jsonwebtoken using patch-package and replaced it with jsrsasign and modified Jwt.ts to keep the public api the same and preserve all functionalities. Maintaining that patch was cumbersome and we now use a shim for jsonwebtoken that implements the used methods with jsrsasign functions, we then use overrides in package.json to apply it.

Ideally, Jwt.ts would use jose, which nicely supports both node and browser. But it functions are async, which would also be breaking change to Jwt.ts.

mendrixsebas avatar May 06 '24 07:05 mendrixsebas

mendrixsebas Thank you for the feedback.

I considered rewriting JWT with jsrsasign. This is possible without patching the package. However, jsrsasign significantly increases the bundle size, which is crucial for web projects where keeping bundle size minimal is important.

Client-side signing and validation is less common. Typically, this functionality is only needed on the server. We can always extend the Jwt class with sign and validate methods in a node environment using jsonwebtoken or another library. That was my reasoning for removing this methods.

Jose appears to be a good option, but it would still be a breaking change and require polyfills for React Native.

Personally, I favor making this breaking change since decoding is typically the only functionality required on the client. You can always implement the previous version of JWT in your node environment.

As an alternative, we can also remove the Jwt class from the easy core package or keep it as an interface. That way, we can always choose the right implementation depending on the environment.

I would like to hear your opinion on these points

franferdez avatar May 06 '24 10:05 franferdez

I will close the pr since this issue is fixed with https://github.com/thisisagile/easy/pull/507

franferdez avatar Jul 22 '24 11:07 franferdez