-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add custom claims to device binding and signing #247
Conversation
/// - Returns: compact serialized jws | ||
/// - Throws: `DeviceBindingStatus` if any error occurs while signing | ||
public func sign(keyPair: KeyPair, kid: String, userId: String, challenge: String, expiration: Date) throws -> String { | ||
public func sign(keyPair: KeyPair, kid: String, userId: String, challenge: String, expiration: Date, customClaims: [String: Any] = [:]) throws -> String { | ||
guard customClaims.isEmpty || validateCustomClaims(customClaims) else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Move the check earlier, under DeviceBindingCallback and DeviceSigningVerifierCallback
- Instead of check empty first, can we move the check empty inside validateCustomClaims? if the list is empty consider valid.
- Since the caller is provide invalid argument, Shoud we throw invalidargumentexception?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Moved validateCustomClaims call into DeviceBindingCallback and DeviceSigningVerifierCallback
- Removed the empty check all together, validateCustomClaims method returns true for empty claims already
- In swift we don' have compile time invalidargumentexception the way java has, and also exceptions are handled differently in swift, they are runtime. I could call fatalError() which is compile time error, but not sure that's what we want.
@@ -455,4 +455,166 @@ class DeviceAuthenticatorTests: FRBaseTestCase { | |||
//all good, do nothing | |||
} | |||
} | |||
|
|||
|
|||
func test_14_ValidateCustomClaims_valid() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a test case that overrides the validateCustomClaims method, the validateCustomClaims method just return true, and when doing the binding or signing, the developer wants to override one of the existing claim.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@witrisna Added two custom classes, one always return true for validateCustomClaims and one always return false.
Added unit tests for those
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes looks good to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! 👍🏻
DBConstants.iss] | ||
let customKeys: [String] = Array(customClaims.keys) | ||
let conflictingKeys = customKeys.filter { registeredKeys.contains($0) } | ||
return conflictingKeys.isEmpty |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return customClaims.keys.filter { registeredKeys.contains($0) }.isEmpty ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes looks good to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! 👍🏻
JIRA Ticket
SDKS-2788
Description
[iOS] Add custom claim to signed Device Binding and Device Signing JWT