Backwards-compatible implementation of RFC7519's registered claim's structure #15
Conversation
oxisto
changed the title
|
Now this introduces a whole range of other problems, specifically: Should we serialise the time as float including the fractions or not? There seems to a lot of confusion about that particular sentence in the RFC, whether actually any form of timestamp like Not sure about the state of other JWT libraries, I fear that if we start to serialise as float, this might break more things in the end than it does good. Update: I saw, that the original author tried to tackle the problem in the The question is: What would be a sensible default? Just seconds to basically ignore the fractions, but allowing developers to be more precise, if needed? |
oxisto
changed the title
|
There is still a weird flaky test failure on Go 1.15, but otherwise, this would be ready for a first review. @mfridman did you have something like this in mind? |
In this regard, RFC 3339 which is supersedes ISO 8601 as the standard for the HTTP date data type clearly states that dates must be serialized at complete precision, even at units of magnitude with zero value or in the absence of a timezone
Well, that's the ugly side of standards. As developers we still cope with the misuse of IEEE 754 and its border cases that are by design and using it in scenarios which are not clearly suitable for it like currencies. Enforcing standards can have unexpected side effects, so I get that in this scenario we do not want to break existing projects, and I agree to support extra precisions only if wanted. Kinda contradicts my previous point but it is a way to maintain the backwards compatibility in this current version |
oxisto
force-pushed
the
rfc7519-compliance
branch
2 times, most recently
from
67be5e3
to
7a54692
Compare
oxisto
force-pushed
the
rfc7519-compliance
branch
from
7a54692
to
29000da
Compare
oxisto
changed the title
oxisto
force-pushed
the
rfc7519-compliance
branch
from
78d8693
to
5149342
Compare
|
I merged in v4, there were some conflicts but everything should be ready now. |
|
I know everyone is busy (including myself). Giving a small nudge to @mfridman, @lggomez, @Waterdrips, @ripienaar. There are several request for this coming up in the issues. However it is a big PR so I definitely want to have some reviews here before we merge it :) |
Apologies, I have been quite busy as of late. I'll have some more time this week and can take a look if others haven't. |
|
Sorry for the delay. I left a comment on the documentation some days prior, and now I came back with some feedback in relation to a possible quirk on the TimePrecision nanoseconds case which, should not be a bug, must be documented for the users so they can be aware. Otherwise, aside from these 2 comments I have no other comments from my side |
Done |
|
Should be good to go then, I had to resolve one last merge conflict. Sorry @lggomez this dismissed your review for some reason... I need another approve for it to merge :) |
|
Lgtm |
|
@oxisto I saw a few mentions to this ticket, are we safe to tag a new release This was on of the main changes since the prior release, figured I'd ask just in case. |
This PR aims at implementing compliance to RFC7519, as documented in #11 without breaking the public API. It creates a new struct
RegisteredClaimsand deprecates (but not removes) theStandardClaims. It introduces a new typeNumericDate, which represents a JSON numeric date value as specified in the RFC. This allows us to handle float as well as int-based time fields inaud,expandnbf. Additionally, it introduces the typeStringArray, which is basically a wrapper around[]stringto deal with the oddities of the JWTaudfield.Closes #11