Add custom claims to device binding and signing #247
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vahancouver
requested review from
spetrov,
jeyanthanperiyasamy,
witrisna,
rodrigoareis and
george-bafaloukas-forgerock
witrisna
requested changes
Nov 23, 2023
| /// - Returns: compact serialized jws | ||
| /// - Throws: `DeviceBindingStatus` if any error occurs while signing | ||
| public func sign(keyPair: KeyPair, kid: String, userId: String, challenge: String, expiration: Date) throws -> String { | ||
| public func sign(keyPair: KeyPair, kid: String, userId: String, challenge: String, expiration: Date, customClaims: [String: Any] = [:]) throws -> String { | ||
| guard customClaims.isEmpty || validateCustomClaims(customClaims) else { |
There was a problem hiding this comment.
- Move the check earlier, under DeviceBindingCallback and DeviceSigningVerifierCallback
- Instead of check empty first, can we move the check empty inside validateCustomClaims? if the list is empty consider valid.
- Since the caller is provide invalid argument, Shoud we throw invalidargumentexception?
There was a problem hiding this comment.
- Moved validateCustomClaims call into DeviceBindingCallback and DeviceSigningVerifierCallback
- Removed the empty check all together, validateCustomClaims method returns true for empty claims already
- In swift we don' have compile time invalidargumentexception the way java has, and also exceptions are handled differently in swift, they are runtime. I could call fatalError() which is compile time error, but not sure that's what we want.
| @@ -455,4 +455,166 @@ class DeviceAuthenticatorTests: FRBaseTestCase { | |||
| //all good, do nothing | |||
| } | |||
| } | |||
|
|
|||
|
|
|||
| func test_14_ValidateCustomClaims_valid() { | |||
There was a problem hiding this comment.
Add a test case that overrides the validateCustomClaims method, the validateCustomClaims method just return true, and when doing the binding or signing, the developer wants to override one of the existing claim.
There was a problem hiding this comment.
@witrisna Added two custom classes, one always return true for validateCustomClaims and one always return false.
Added unit tests for those
rodrigoareis
approved these changes
Nov 28, 2023
witrisna
approved these changes
Dec 1, 2023
| DBConstants.iss] | ||
| let customKeys: [String] = Array(customClaims.keys) | ||
| let conflictingKeys = customKeys.filter { registeredKeys.contains($0) } | ||
| return conflictingKeys.isEmpty |
There was a problem hiding this comment.
return customClaims.keys.filter { registeredKeys.contains($0) }.isEmpty ?
vahancouver
requested review from
rodrigoareis,
witrisna,
spetrov and
jeyanthanperiyasamy
jeyanthanperiyasamy
approved these changes
Dec 4, 2023
witrisna
approved these changes
Dec 4, 2023
rodrigoareis
approved these changes
Dec 4, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JIRA Ticket
SDKS-2788
Description
[iOS] Add custom claim to signed Device Binding and Device Signing JWT