Add support for JWKs with HMAC key type. #372
Conversation
|
Hello, @phlegx! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information. |
|
@anakinj happy to see your review of my code. 😄 |
![sourcelevel-bot[bot]](https://avatars.githubusercontent.com/in/597?s=60&v=4){kind=small}
|
After looking at this I understand your question about why we do not export the private key a little better. Did not even know that it's a thing to present HMAC secrets as JWK :) |
|
@anakinj the RFC describes JWK with: A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. So, JWK is only a data structure that represents a cryptographic key. How a user expose a JWK to a web endpoint is not part of the RFC7517 and should not affect the behavior or structure of a JWK. |
lib/jwt/jwk/factory.rb
Outdated
| end | ||
|
|
||
| class << self | ||
| def import(jwk_data) |
There was a problem hiding this comment.
Unused method argument - jwk_data. If it's necessary, use _ or _jwk_data as an argument name to indicate that it won't be used. You can also write as import(*) if you want the method to accept any arguments but don't care about them.
lib/jwt/jwk/factory.rb
Outdated
| raise NotImplementedError, "#{self.class} has not implemented method '#{__method__}'" | ||
| end | ||
|
|
||
| def export(options = {}) |
There was a problem hiding this comment.
Unused method argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used. You can also write as export(*) if you want the method to accept any arguments but don't care about them.
lib/jwt/jwk/hmac.rb
Outdated
|
|
||
| module JWT | ||
| module JWK | ||
| class HMAC < Factory |
There was a problem hiding this comment.
JWT::JWK::HMAC assumes too much for instance variable '@keypair'
There was a problem hiding this comment.
What does this mean "assumes too much"?
There was a problem hiding this comment.
I think it's refers to the keypair instance variable used later in the class, not totally sure. Maybe try to access instance variables from the parent via accessors.
There was a problem hiding this comment.
:) there is a @ keypair person on GitHub. Im so sorry for tagging you :)
|
SourceLevel has finished reviewing this Pull Request and has found:
|
lib/jwt/jwk/factory.rb
Outdated
|
|
||
| module JWT | ||
| module JWK | ||
| class Factory |
There was a problem hiding this comment.
Is this a Factory or just a Base?
Otherwise this looks good. We could then refactor the other classes to use this when they reach master.
There was a problem hiding this comment.
It is an Abstract! What was I thinking here? OK, I need a break. So, we need to rename Factory to some other name. Suggestions?
There was a problem hiding this comment.
Maybe something with key as the RFC states "structure that represents a cryptographic key".
:: JWT::JWK::KeyBase or :: JWT::JWK::KeyAbstract would be my choices. I have no better suggestions :)
There was a problem hiding this comment.
Thx! I commit the changes with JWT::JWK::KeyAbstract.
|
Travis CI has failed because it has experienced an network timeout. I don't know how to re-start Travis without a commit. |
Build restarted. |
Adds support for JWKs with "kty" value "oct" (HMAC).
For additional details on these JWKs and their contents, see https://tools.ietf.org/html/rfc7517#appendix-A.3.
This implementation of
JWT::JWK::HMACadheres closely to the pattern set byJWT::JWK::RSAand PR #371 of @richardlarocqueJWT::JWK::EC. It keeps the same coding style and method names.Like specified in the RFC:
private?returns always true because "k" is always exported.