Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mix loading from JWKS URL with keys from JSON #73

Closed
sean-rn opened this issue Nov 29, 2022 · 4 comments
Closed

Mix loading from JWKS URL with keys from JSON #73

sean-rn opened this issue Nov 29, 2022 · 4 comments

Comments

@sean-rn
Copy link
Contributor

sean-rn commented Nov 29, 2022
edited

I have a use case where I would like to use the keys loaded from a JWKS URL in addition to a set of statically configured keys. (I believe supporting this sort of case is the intent of the GivenKeys option passed to Get())

I'd like to make my code more flexible by loading the statically configured keys from a static JWKS JSON.

I could parse the JSON myself and use the NewGivenXXXX functions, but that duplicates all of the work that keyfunc's NewJSON() function already does. It feels simpler and more forward-compatible if I could use keyfunc to parse the static JWKS JSON into a map I can use as the GivenKey's option to Get().

However, if I try to construct a string[map]keyfunc.GivenKey from the JWKS instance provided by NewJSON()... I can try to use ReadOnlyKeys(), but then I run into the alg issue again.

A few possibilities which keep the public API clean

  1. A method on JKWS which returns a map of GivenKeys suitable for passing as an option to Get(): func (j *JWKS) AsGivenKeys() map[string]GivenKey
  2. A new exported function which parses a JWKS JSON into a map of GivenKeys suitable for passing as an option to Get(): func NewGivenKeysFromJSON(jwksBytes json.RawMessage) (map[string]GivenKey, error)

Both of these keep the mechanics of how the GivenKey instances are created internal to the package† (so if another situation like needing to add alg happens in the future it can be transparently applied to this function as well)

Any other ideas for helping my use case?
Note: Something like the multiple source feature proposed in #72 might also be adapted for this, but the existing Options.GivenKeys field already perfectly fits this use case and already has provisions for handling KID conflicts.

†Which my earlier KeyAlg() method did not.
@MicahParks
Copy link
Owner

MicahParks commented Nov 29, 2022
edited

Thank you for opening this issue, @sean-rn.

I think it's a good idea to support this use case. I particularly like suggestion 2 because it completely independent of keyfunc.Get's "background goroutine". And does not allow for any user error in modifying pointers still in use by keyfunc.

I may be able to think over this more and continue the discussion further after work, I am on EST time.

@sean-rn
Copy link
Contributor Author

sean-rn commented Nov 29, 2022

Pseudocode for how to use these suggestions for my use case:
Option 1:

staticJwks, err := keyfunc.FromJSON(staticJSON)
staticKeys := staticJwks.AsGivenKeys()
combinedKeys, err := keyfunc.Get(jwksURL, keyfunc.Options{GivenKeys: staticKeys})

Option 2:

staticKeys, err := keyfunc.NewGivenKeysFromJSON(staticJSON)
combinedKeys, err := keyfunc.Get(jwksURL, keyfunc.Options{GivenKeys: staticKeys})

@sean-rn sean-rn mentioned this issue Nov 29, 2022
Merged
@MicahParks
Copy link
Owner

I like option 2, which is what I think the linked PR has.

PR looks good!

@MicahParks
Copy link
Owner

The PR was perfect! Thank you for included tests too.

You can use the new release with the v1.7.0 tag.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MicahParks @sean-rn