feat: introduce getClaims method to verify asymmetric JWTs #1030

Open. Wants to merge 10 commits into base: master.

Conversation

kangmingtay (Member):
What kind of change does this PR introduce?

  • getClaims supports verifying JWTs (both asymmetric and symmetric) and returns the entire set of claims in the JWT payload

src/lib/rfc4648.ts: resolved review thread (outdated)
src/lib/helpers.ts: two resolved review threads (outdated)
Comment on lines +2605 to +2609
// try fetching from cache
jwk = this.jwks.keys.find((key) => key.kid === kid)
if (jwk) {
return jwk
}
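Review bot: The lookup `this.jwks.keys.find((key) => key.kid === kid)` selects purely by `kid` and treats any hit as authoritative regardless of how long ago the set was fetched, so a JWKS entry with a matching `kid` but a different `alg`/`use`, or a key the issuer has since withdrawn, is returned without any freshness check. Consider matching on `key.use === 'sig'` and the expected `alg` as well, and record the JWKS response's cache lifetime so that a stale set is refetched even when the `kid` is present.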
Contributor:

It's important to have a process to clear out entries from the cache according to the cache headers sent in the response. If this is used in a long-running Node server, and the JWT keys get rotated, the new keys will never be fetched.

Member Author:

It will, because when a new JWT needs to be validated there will be a cache miss, which would trigger getClaims to fetch the latest JWKS.

src/GoTrueClient.ts: two resolved review threads (outdated)
Comment on lines +2704 to +2706
data: {
claims: payload,
},
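Review bot: `data: { claims: payload }` carries no indication of which key or algorithm verified the token, and the shape should make clear that `claims` is the payload parsed only after signature verification succeeded. If `header` is exposed as well, document that `header.alg` from the token is informational only and must not drive which verification algorithm the client selects.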
Contributor:

Either return payload as data or include more information, such as:

Suggested change
data: {
claims: payload,
},
data: {
claims: payload,
header,
signature,
},

Member Author:

Hmm, why? The intention behind nesting it in claims is to be consistent with the response structure for getUser and getSession.

src/GoTrueClient.ts: resolved review thread (outdated)