Support multiple issuer:audience combinations #276
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 task
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.0 to 6.1.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@aaa42aa...971e284) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Templum/govulncheck-action](https://github.com/templum/govulncheck-action) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/templum/govulncheck-action/releases) - [Commits](Templum/govulncheck-action@6bb063b...0d775f4) --- updated-dependencies: - dependency-name: Templum/govulncheck-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.8.0 to 0.9.0. - [Commits](golang/sync@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
cmmoran
force-pushed
the
feat/jwt-multiple-issuer-validation
branch
from
f5c7e8e to
0977eb4
Compare
…ngci/golangci-lint-action-6.1.1'
…lum/govulncheck-action-1.0.1'
cmmoran
force-pushed
the
feat/jwt-multiple-issuer-validation
branch
from
0977eb4 to
0463741
Compare
Bumps [Templum/govulncheck-action](https://github.com/templum/govulncheck-action) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/templum/govulncheck-action/releases) - [Commits](Templum/govulncheck-action@6bb063b...0d775f4) --- updated-dependencies: - dependency-name: Templum/govulncheck-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…lum/govulncheck-action-1.0.1'
… option for the expectedClaims. WithExpectedClaims can be called with multiple jwt.Expected parameters to allow different Issuer:Audience combinations to validate tokens feat: support multiple issuers in a provider using WithAdditionalIssuers option Every effort has been made to ensure backwards compatibility. Some error messages will be different due to the wrapping of errors when multiple jwt.Expected are set. When validating the jwt, if an error is encountered, instead of returning immediately, the current error is wrapped. This is good and bad. Good because all verification failure causes are captured in a single wrapped error; Bad because all verification failure causes are captured in a single monolithic wrapped error. Unwrapping the error can be tedious if many jwt.Expected are included. There is likely a better way but this suits my purposes. A few more test cases will likely be needed in order to achieve true confidence in this change
cmmoran
force-pushed
the
feat/jwt-multiple-issuer-validation
branch
from
4a25c8c to
24d743e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: I'm on a time-crunch and decided at the last minute to open a PR instead of "going it alone". I'll circle back and flesh this out more when I have spare time (... as if that will ever truly be the case...)
Support multiple issuer:audience combinations by introducing an option for the expectedClaims. WithExpectedClaims can be called with multiple jwt.Expected parameters to allow different Issuer:Audience combinations to validate tokens
feat: support multiple issuers in a provider using WithAdditionalIssuers option
Every effort has been made to ensure backwards compatibility. Some error messages will be different due to the wrapping of errors when multiple jwt.Expected are set. When validating the jwt, if an error is encountered, instead of returning immediately, the current error is wrapped. This is good and bad. Good because all verification failure causes are captured in a single wrapped error; Bad because all verification failure causes are captured in a single monolithic wrapped error. Unwrapping the error can be tedious if many jwt.Expected are included. There is likely a better way but this suits my purposes.
A few more test cases may be needed in order to achieve true confidence in this change
📝 Checklist
🔧 Changes
Notable change is the upgrade from jose/v2 to jose/v4. While the change is technically a breaking change, I included it in this PR because this fork is in use in production and jose/v2 conflicted with our current set of libraries.
📚 References
#269
🔬 Testing