Support verifying token signature using a JWK #692
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anakinj
changed the title
anakinj
force-pushed
the
verification-via-jwk-suppport
branch
from
933099f to
2bbf6bc
Compare
anakinj
changed the title
There was a problem hiding this comment.
Pull Request Overview
This PR enables token signature verification using a JWK by deriving the correct JWA algorithm from the JWK’s alg or crv parameters.
- Adds
verify/signmethods andresolve_algorithmlogic in JWK key classes - Refactors
EncodedToken#verify_signature!andvalid_signature?to use JWKs and key finders - Adds corresponding tests, updates examples in README.md, and updates CHANGELOG.md
Reviewed Changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| spec/jwt/jwk/rsa_spec.rb | Adds RSA JWK verification tests |
| spec/jwt/jwk/ec_spec.rb | Adds EC JWK verification tests |
| spec/jwt/encoded_token_spec.rb | Tests EncodedToken#verify_signature! with a JWK key |
| spec/integration/readme_examples_spec.rb | Adds readme integration example for JWK verification |
| lib/jwt/jwk/key_base.rb | Implements verify/sign and resolve_algorithm |
| lib/jwt/jwk/ec.rb | Overrides resolve_algorithm to handle crv |
| lib/jwt/jwa/ecdsa.rb | Exposes curve_by_name helper |
| lib/jwt/jwa.rb | Introduces VerificationContext and verifier factory |
| lib/jwt/encoded_token.rb | Refactors signature validation to support JWKs |
| README.md | Adds example for JWK-based verification |
| CHANGELOG.md | Documents new JWK verification feature |
Comments suppressed due to low confidence (3)
spec/jwt/jwk/rsa_spec.rb:120
- The context description is duplicated. Rename this to something like 'when the jwk has an invalid alg value'.
context 'when the jwk is missing the alg header' do
spec/jwt/jwk/ec_spec.rb:137
- The description says 'returns true' but the expectation checks for
false. Update the example description to 'returns false'.
it 'returns true' do
spec/integration/readme_examples_spec.rb:477
- This example invokes
verify!without any assertion. Consider adding anexpect { ... }.not_to raise_erroror other matcher to ensure the behavior is verified.
encoded_token.verify!(signature: { key: jwk })
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This tries to implement the idea in #400 by using the
alg/crvparameter to resolve the algorithm and use that for verifying the signature.Checklist
Before the PR can be merged be sure the following are checked: