
[public-api] Refactor JWT Sign/Verify to be reusable for OIDC - WEB-206 #17327


Merged 2 commits, Apr 24, 2023

easyCZ (Member) commented Apr 22, 2023

Description

  • Refactors the initial implementation of Session JWTs Signer & Verifier into a separate package (jws) to be re-usable for OIDC (the original was specific to session JWTs, which needed to be generalized)
  • New Signer/Verifier only deals with signing claims, and verifying them, but does not deal with the claims contents (this makes it re-usable)
    • It ensures that we use our signing keys for new tokens
    • It ensures we can accept older keys when verifying
  • The Session JWT is refactored to provide only helper constructor and verifier for the particular Session JWT, specific through the particular type of Claims - SessionClaims

If you want to see how it simplifies OIDC JWT signing/decode, see #17328

Related Issue(s)

Fixes #

How to test

Unit tests

Documentation

/hold
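The sign-with-the-current-key, verify-against-older-keys split from the description above, as an added Go example that is not the code from this PR. The function names, the `kid` values, the sample claims and the choice of Ed25519 (EdDSA) are assumptions; the page names no algorithm. Checking claim contents such as expiry stays with the caller, matching the description.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// Sign signs any claims value with the current key; EdDSA is this example's assumption.
func Sign(kid string, priv ed25519.PrivateKey, claims interface{}) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "kid": kid})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input))), nil
}

// Verify pins alg, picks the key by kid (older keys stay listed), then decodes the claims.
func Verify(keys map[string]ed25519.PublicKey, token string, out interface{}) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "EdDSA" {
		return fmt.Errorf("bad or unsupported header")
	}
	pub, known := keys[hdr.Kid]
	sig, e1 := b64.DecodeString(parts[2])
	body, e2 := b64.DecodeString(parts[1])
	if !known || e1 != nil || e2 != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return fmt.Errorf("unknown key or invalid signature")
	}
	return json.Unmarshal(body, out) // claims are decoded only after the signature checks out
}

func main() {
	oldPub, oldPriv, _ := ed25519.GenerateKey(nil) // constructed demo keys
	newPub, _, _ := ed25519.GenerateKey(nil)
	tok, _ := Sign("old", oldPriv, map[string]string{"sub": "user-1"}) // constructed claims
	var got map[string]string
	fmt.Println(Verify(map[string]ed25519.PublicKey{"old": oldPub, "new": newPub}, tok, &got))
}
```

Retiring a key in this example means deleting its `kid` from the map passed to `Verify`; tokens signed with it are then rejected.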

@easyCZ changed the title from "[public-api] Refactor JWT Sign/Verify to be reusable for OIDC" to "[public-api] Refactor JWT Sign/Verify to be reusable for OIDC - WEB-206" Apr 22, 2023
@easyCZ marked this pull request as ready for review April 22, 2023 21:41
@easyCZ requested a review from a team April 22, 2023 21:41
@github-actions bot added the "team: webapp" label Apr 22, 2023
easyCZ (Member, Author) commented Apr 24, 2023

/unhold

@roboquat merged commit d069f76 into main Apr 24, 2023
@roboquat deleted the mp/papi-jwt-generalize-sign-verify branch April 24, 2023 07:14
@roboquat added the "deployed: webapp" and "deployed" labels Apr 24, 2023
Labels
  • deployed: webapp (Meta team change is running in production)
  • deployed (Change is completely running in production)
  • size/XXL
  • team: webapp (Issue belongs to the WebApp team)
3 participants