Ignore casing of algorithm #405
Hello, @johnnyshields! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.
There might be something wrong with how the gem handles the Ed25519 cases (#334). In general I think that making the algorithms case insensitive is maybe not a good idea. The RFCs clearly state what the values are expected to be (https://tools.ietf.org/html/rfc7518#page-9).
It's reasonable to expect that there will be case-insensitive JWT implementations in the wild. Perhaps we can always encode to correct casing (uppercase), but decode irrespective of case?
I agree that the parameter given in the Just to compare the OpenSSL API is case insensitive and allows both uppercase and lowercase:
I'm fine with either just doing the change in #406 or then make some adjustments to this that the
OK, I've updated this PR to show what it would look like to add casing coercion (e.g. "hs256" becomes "HS256" when encoding). There are still some failing specs related to unsupported case. If you like this implementation I will fix the failing specs over the weekend.
Looks really great. I added a few questions
Thank you for your contribution.
(Updated 2/6/2021)
I have to connect to a third party source for JWTs which transmits the algorithm as "Ed25519". This does not match the expected value in Ruby "ED25519". To remedy this:
In order to achieve this in a clean manner, I've extracted out a JWT::Algos module which uses a more efficient lookup (pre-indexed) to find the algo. I've also introduced JWT::Algos::None which is distinct from JWT::Algos::Unsupported
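
The behavior discussed in this thread, as an added sketch that is not the gem's code or this PR's diff: a pre-indexed, case-insensitive lookup that emits canonical casing when encoding, matches the token's `alg` against the caller's allow-list when decoding, and keeps "none" distinct from "unsupported". The `AlgLookup` module and its method names are hypothetical.

```ruby
# Added illustration; AlgLookup and its methods are hypothetical names,
# not part of ruby-jwt's API.
module AlgLookup
  # Canonical spellings: the RFC 7518 section 3.1 signature/MAC names, plus
  # "ED25519", the value this page says the gem expects.
  CANONICAL = %w[HS256 HS384 HS512 RS256 RS384 RS512
                 ES256 ES384 ES512 PS256 PS384 PS512 ED25519].freeze
  NONE = 'none'

  # Pre-built index (folded name => canonical name), built once at load time.
  # ASCII-only folding, so non-ASCII characters never fold onto ASCII letters.
  INDEX = CANONICAL.each_with_object({}) do |name, idx|
    idx[name.downcase(:ascii)] = name
  end.freeze

  # Returns [:ok, canonical], [:none, "none"] or [:unsupported, nil].
  # "none" gets its own result so callers can never confuse an unsecured
  # token with a typo in the algorithm name.
  def self.resolve(alg)
    return [:unsupported, nil] unless alg.is_a?(String)

    key = alg.downcase(:ascii)
    return [:none, NONE] if key == NONE

    canonical = INDEX[key]
    canonical ? [:ok, canonical] : [:unsupported, nil]
  end

  # Encoding side: always write the canonical casing into the header.
  def self.header_alg(requested)
    kind, name = resolve(requested)
    raise ArgumentError, "unsupported algorithm: #{requested.inspect}" if kind == :unsupported

    name
  end

  # Decoding side: the token's alg may arrive in any casing, but it is
  # accepted only if it resolves to an entry of the caller's allow-list.
  # "none" in any casing passes only when the caller listed it explicitly.
  def self.accept?(token_alg, allowed)
    resolved = resolve(token_alg)
    return false if resolved.first == :unsupported

    allowed.any? { |a| resolve(a) == resolved }
  end
end
```

Case folding here only affects how a name is matched; which algorithms a verifier accepts is still decided by the allow-list the caller passes in.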