Skip to content
This repository has been archived by the owner on Aug 21, 2024. It is now read-only.

Updated JWT authentication to handle RSA signatures #10961

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Updated JWT authentication to handle RSA signatures #10961

wants to merge 1 commit into from

Conversation

barankyle
Copy link
Member

Summary

New authentication-setting fields for JWT algorithm and JWT public key. Keys should be inserted as strings with '\n' replacing new lines.

Replaced the last of the API.instance.client uses with Engine.instance.api

Added a new service that will return the JWT public key.

Resolves IR-3827

Subtasks Checklist

Breaking Changes

References

closes #insert number here

QA Steps

@barankyle barankyle force-pushed the IR-3827-rsa-key-for-jwt-signing branch from c5d50f3 to 03c36e4 Compare August 14, 2024 00:58
hanzlamateen
hanzlamateen suggested changes Aug 14, 2024
View reviewed changes
Copy link
Member

@hanzlamateen hanzlamateen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. It seems like some github checks are failing
  2. Getting following error when running locally.
    image

packages/client-core/src/user/services/AuthService.ts Outdated Show resolved Hide resolved
packages/client-core/src/API.ts Outdated Show resolved Hide resolved
packages/server-core/src/createApp.ts Outdated Show resolved Hide resolved
packages/server-core/src/user/jwt-public-key/jwt-public-key.hooks.ts Outdated Show resolved Hide resolved
@barankyle
Updated JWT authentication to handle RSA signatures
c40dcd4 
New authentication-setting fields for JWT algorithm and JWT public key.
Keys should be inserted as strings with '\n' replacing new lines.

Replaced the last of the API.instance.client uses with Engine.instance.api

Added a new service that will return the JWT public key.

Replaced current jsonwebtoken.decode calls with jsonwebtoken.verify.
decode does not check if the signature is valid.

Resolves IR-3827
@barankyle barankyle force-pushed the IR-3827-rsa-key-for-jwt-signing branch from 03c36e4 to c40dcd4 Compare August 14, 2024 20:45
@barankyle barankyle requested a review from speigg as a code owner August 14, 2024 20:45
@barankyle barankyle requested a review from hanzlamateen August 14, 2024 20:52
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@DanielBelmes DanielBelmes Awaiting requested review from DanielBelmes DanielBelmes is a code owner

@aditya-mitra aditya-mitra Awaiting requested review from aditya-mitra aditya-mitra is a code owner

@SYBIOTE SYBIOTE Awaiting requested review from SYBIOTE SYBIOTE is a code owner

@CITIZENDOT CITIZENDOT Awaiting requested review from CITIZENDOT CITIZENDOT is a code owner

@MoizAdnan MoizAdnan Awaiting requested review from MoizAdnan MoizAdnan is a code owner

@hurairahmateen hurairahmateen Awaiting requested review from hurairahmateen hurairahmateen is a code owner

@HexaField HexaField Awaiting requested review from HexaField HexaField is a code owner

@speigg speigg Awaiting requested review from speigg speigg is a code owner

@hanzlamateen hanzlamateen Awaiting requested review from hanzlamateen hanzlamateen is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
verified-contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@barankyle @hanzlamateen