Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aim for ruby-jwt 3.x #548

Open
anakinj opened this issue Feb 2, 2023 · 4 comments
Open

Aim for ruby-jwt 3.x #548

anakinj opened this issue Feb 2, 2023 · 4 comments
Labels
discussion
Milestone
Version 3.x

Comments

@anakinj
Copy link
Member

anakinj commented Feb 2, 2023
edited

The gem has accumulated a bunch of great features over the years but with the consequence that it has gotten a little bloated.

The biggest challenge so far has been to preserve the backwards compatibility and to do that there is a lot of logic in the code to achieve that.

Now my suggestion is that we would try to document all the things that we would like to see changing to make the gem a nice and maintainable package for dealing with tokens.

One of the biggest challenges is probably the JWT.decode and JWT.encode APIs, how will those look in the future?

A few good pointers brought up here: #528

Tried to group things that could be made under the Version 3.x milestone.

Not sure yet how we could do bigger changes like this, maybe a dedicated 3.x branch that can be a little unstable for a while?

A few things that could help in doing bigger changes:

  • Well documented breaking changes in a UPGRADING.md file
  • Warnings in previous versions about method getting removed
  • Releasing pre versions of the next major version
@anakinj anakinj added this to the Version 3.0.0 milestone Feb 2, 2023
@anakinj anakinj pinned this issue Feb 2, 2023
@WriterZephos
Copy link

We need support for unencoded or detached payloads. I am working on those changes, but I am new to the project so I welcome any help/support.

@anakinj
Copy link
Member Author

anakinj commented May 7, 2023

Appreciate your work so far on #309. The problem as you probably noticed is that the code is not really that extendable and ends up very "if-elsy".

Been working on the 3.0 version in bursts. I pushed the work so far into the branch https://github.com/jwt/ruby-jwt/tree/version-3.0.

The main API has not changed at all (yet at least) But in the background the signing/verifying is very much different.

For this use case the functionality could be it's separate definition of handling tokens:

DetatchedEncoder = ::JWT.define do
  # define how to handle payload/token and headers here
end

No documentation yet on the functionality, have been kinda focusing on making the changes backwards compatible (except for the changes mentioned in the changlog)

@WriterZephos
Copy link

@anakinj What's the time frame for 3.0? Could we release a new minor version with my changes just for the time being? I can then help adapt the changes for the new version going forward. I just need this support sooner if possible, otherwise I will have to find another library to use.

If I could tweak my changes in a way that fits the new API in 3.0 going forward, I am happy to do so. Let me know. Thanks.

@anakinj
Copy link
Member Author

anakinj commented May 8, 2023

Currently there is not really a schedule, tinkering on it when there is extra time. I understand that there is a need but at the same time a bit hesitant bloating the current codebase even more.

Is it a possibility to use your feature via a fork until it's properly integrated into a version?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion
Projects
None yet
Milestone
Version 3.x
Development

No branches or pull requests
2 participants
@anakinj @WriterZephos