Support for JSON Web Key Sets #505
For now removed guidance of caching / storing the public key as this can lead to unexpected behaviour when keys are rotated. Auth0 has some guidance regarding caching: https://community.auth0.com/t/caching-jwks-signing-key/17654/2 Unclear currently if this is something that should be supported in php-jwt, here or within the app. Guess it would be best to have it in firebase/php-jwt and being able to configure it. Opened an issue there:
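One way an application could cache a key set without breaking on rotation, as an added example that is not part of this PR, of firebase/php-jwt or of the plugin. `JwksCache`, its parameters, the key ids and the timestamps are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; JwksCache is a hypothetical name, not php-jwt or plugin API.
final class JwksCache
{
    private array $keysByKid = [];
    private int $fetchedAt = 0;

    public function __construct(
        private \Closure $fetcher,    // returns the decoded JWKS document as an array
        private int $ttl = 3600,      // seconds a cached key set is trusted
        private int $minRefetch = 60  // floor between refetches on an unknown kid
    ) {}

    public function getKey(string $kid, ?int $now = null): ?array
    {
        $now ??= time();
        $age = $now - $this->fetchedAt;
        $unknown = !isset($this->keysByKid[$kid]);
        // Refetch on expiry, or on an unknown kid (possible rotation) once the floor has passed.
        if ($age >= $this->ttl || ($unknown && $age >= $this->minRefetch)) {
            $this->refresh($now);
        }
        return $this->keysByKid[$kid] ?? null; // null means: reject the token
    }

    private function refresh(int $now): void
    {
        $jwks = ($this->fetcher)();
        $keys = [];
        foreach ($jwks['keys'] ?? [] as $jwk) {
            if (isset($jwk['kid'], $jwk['kty'])) {
                $keys[$jwk['kid']] = $jwk;
            }
        }
        if ($keys !== []) { // keep the previous set if the response had no usable keys
            $this->keysByKid = $keys;
        }
        $this->fetchedAt = $now;
    }
}

// Constructed sample data: the issuer rotates from kid "k1" to kid "k2".
$published = ['keys' => [['kid' => 'k1', 'kty' => 'RSA']]];
$cache = new JwksCache(function () use (&$published): array { return $published; });
var_dump($cache->getKey('k1', 1000) !== null);  // first lookup populates the cache
$published = ['keys' => [['kid' => 'k2', 'kty' => 'RSA']]]; // rotation at the issuer
var_dump($cache->getKey('k2', 1030) !== null);  // inside the refetch floor
var_dump($cache->getKey('k2', 1100) !== null);  // floor passed, set is refetched
```

The refetch floor keeps tokens carrying arbitrary `kid` values from triggering one outbound JWKS request per incoming request.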
@ADmad / @markstory - thanks for your reviews - added a test and made several improvements (see comments)
@swiffer looks like the target branch was changed to 2.next. Can you rebase the PR?
This is a non-trivial feature addition, so better to target the next minor release, hence I changed it to 2.next.
Can we get it merged or is something missing? :)
@@ -0,0 +1,27 @@ | |||
-----BEGIN RSA PRIVATE KEY----- |
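Review bot: The new 27-line file opening with `-----BEGIN RSA PRIVATE KEY-----` commits private key material to the repository, and nothing in the hunk marks it as test-only. Suggest placing or naming it so it is unmistakably a test fixture, and noting next to it that the key was generated for tests and must never sign real tokens, so that readers and secret scanners do not treat it as a leaked credential.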
Is this file used? I don't see it referenced in this diff.
It's not used directly at the moment. But as the fake JSON response contains a key set with two public keys, I thought it would be helpful to also include both private keys... Should I remove it?
No that's ok.
@swiffer Nice work!
Thanks! Hopefully useful for others as well. Looking forward to the next release :)
Solution for #504

`secretKey` is currently used to build a Key and decode the token, and does not allow JWKS.
`jsonWebKeySet` has been introduced to not dilute the meaning of the `secretKey`.

Let me know what you think