Allow decode options to specify required claims #430

Merged
merged 3 commits into from Jul 16, 2021

andyjdavis
Contributor

Hi, this is a potential solution for #244

When decoding, the caller can optionally supply an array of claims that must be present for the jwt to be valid. For example, requiring the 'exp' claim to both be present and valid.

I wasn't sure whether to put the check within Verify.verify_claims and ultimately added Verify.verify_required_claims alongside. Let me know if you want any changes to how this is structured.
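The gap this option closes, as an added sketch that is not ruby-jwt's code: a decoder that validates `exp` only when the claim is present accepts a token carrying no `exp` at all, and a required-claims list rejects it. `decode_hs256`, `sign_hs256`, the error classes (apart from the name `MissingRequiredClaim`) and the sample values are assumptions made for the illustration; only the Ruby standard library is used.

```ruby
require 'json'
require 'openssl'

# Error names are local to this sketch; MissingRequiredClaim mirrors the PR's class name.
class DecodeError < StandardError; end
class ExpiredSignature < DecodeError; end
class MissingRequiredClaim < DecodeError; end

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str + '=' * ((4 - str.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0')
end

# Builds a compact HS256 token; used only to construct sample input.
def sign_hs256(payload, key)
  input = "#{b64url(JSON.generate({ 'alg' => 'HS256' }))}.#{b64url(JSON.generate(payload))}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, input))}"
end

def secure_equal?(left, right)
  return false unless left.bytesize == right.bytesize
  left.bytes.zip(right.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical decoder: verifies the HMAC, validates exp only if present,
# then enforces the caller's list of claims that must exist.
def decode_hs256(token, key, required_claims: [], now: Time.now.to_i)
  head, body, sig = token.split('.')
  raise DecodeError, 'malformed token' unless head && body && sig
  raise DecodeError, 'unexpected alg' unless JSON.parse(b64url_decode(head))['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', key, "#{head}.#{body}")
  raise DecodeError, 'bad signature' unless secure_equal?(b64url_decode(sig), expected)

  payload = JSON.parse(b64url_decode(body))
  raise DecodeError, 'payload is not an object' unless payload.is_a?(Hash)
  # An absent exp is not an expired exp: without the loop below such a token never expires.
  raise ExpiredSignature, 'token expired' if payload.key?('exp') && payload['exp'].to_i <= now
  required_claims.each do |claim|
    raise MissingRequiredClaim, "missing required claim #{claim}" unless payload.key?(claim)
  end
  payload
rescue ArgumentError, JSON::ParserError => e
  raise DecodeError, "undecodable segment: #{e.message}"
end
```
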

@sourcelevel-bot

Hello, @andyjdavis! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.

@@ -15,6 +15,7 @@ class InvalidAudError < DecodeError; end
class InvalidSubError < DecodeError; end
class InvalidJtiError < DecodeError; end
class InvalidPayload < DecodeError; end
class MissingRequiredClaim < DecodeError; end
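
Review bot: The new `MissingRequiredClaim` class on the last line of this hunk carries no comment saying when it is raised, and the name alone does not tell a caller whether it covers a claim that is absent or one that is present but fails validation. A one-line comment above it, for example "raised when a claim named in the required claims option is absent from the payload", would settle that. Inheriting from `DecodeError` matches the neighbouring classes, so callers that already rescue `DecodeError` will treat a missing claim as a decode failure; that is worth stating wherever the new option is documented.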


JWT::MissingRequiredClaim has no descriptive comment


Contributor Author

None of these error classes have a descriptive comment so I'm not sure I should add one.

@sourcelevel-bot

SourceLevel has finished reviewing this Pull Request and has found:

  • 1 possible new issue (including those that may have been commented here).

See more details about this review.

@anakinj
Member

anakinj commented Jul 9, 2021

Looks good.

Would it make sense to have one "integration" test for this, testing the public JWT.decode interface for the required_claims parameter? For example, some of the examples in the readme are also tested in readme_examples_spec.rb.

@andyjdavis
Contributor Author

Just letting you know that I have been on a short holiday but I'm back now. I will get back to this in the next 2-3 days :)

@andyjdavis
Contributor Author

@anakinj I've pushed a commit with an integration test. Let me know if anything needs more work.

@anakinj
Member

anakinj commented Jul 15, 2021

Looks great. A few minor adjustments to get RuboCop happy and we are ready to merge. https://github.com/jwt/ruby-jwt/pull/430/checks?check_run_id=3077229521

@andyjdavis
Contributor Author

@anakinj I have fixed those rubocop warnings.

@excpt excpt merged commit 3b4a1ab into jwt:master Jul 16, 2021