Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor JWT build improvements #246

Merged
merged 2 commits into from
May 25, 2020
Merged

Minor JWT build improvements #246

merged 2 commits into from
May 25, 2020

Conversation

sberyozkin
Copy link
Contributor

@sberyozkin sberyozkin commented May 22, 2020
edited
Loading

This PR:

  • Deprecates a number of builder API methods and introduces more compact alternatives.

    For example, when we do:
    Jwt.claims("somejson.json").jws().signatureKeyId("kid").sign(), signature in signatureKeyId is duplicating what both jws() and sign imply. Similarly for all other deprecated methods. The IDE also helps with algorithm related methods, for ex, when we do jws().algorithm(...) we see a SignatureAlgorithm parameter type.

    In fact, originally I did plan for Jwt.claims("somejson.json").jws().keyId("kid").sign() - the compactness of the API is a big priority, but then I somehow got offtrack when I was looking at the inner token case, where the token is signed and encrypted:

Jwt.claims().jws().keyId().innerSign().keyId().encrypt();

Here I thought well, 2 keyId(), 1st one sets a key if of the signing key, 2nd one - of the key encryption key.
But over time I've come to the conclusion that this case is quite advanced, the mainstream case is sign and in this advanced case, after the formatting, it also becomes more readable. kids will likely be configurable too.

  • deprecated none for the innerSign() - I came to this conclusion while doing the initial MP JWT PR, it is basically useless :-) to have encrypt() with an internal none as it does not add anything to the encrypt only case, i.e, it does not help with identifying who signed it. It also makes it hard to spot if the user made a typo in the config property

All of these deprecated methods/properties will be dropped in 3.0.0

  • config property support for exp and issuer - these are the only 2 claims that are required by MP JWT, so it will make much easier to test, every time I see a custom exp being set in the code I'm thinking, oh, we need to get it configured.

@sberyozkin sberyozkin added this to the 2.1.3 milestone May 22, 2020
@sberyozkin sberyozkin requested review from radcortez and MikeEdgar May 22, 2020 15:27
MikeEdgar
MikeEdgar reviewed May 22, 2020
View reviewed changes
Copy link
Member

@MikeEdgar MikeEdgar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments, looks good overall.

implementation/src/main/java/io/smallrye/jwt/build/JwtEncryptionBuilder.java Outdated Show resolved Hide resolved
implementation/src/main/java/io/smallrye/jwt/build/impl/JwtSigningUtils.java Outdated Show resolved Hide resolved
implementation/src/test/java/io/smallrye/jwt/build/JwtBuildConfigSource.java Outdated Show resolved Hide resolved
radcortez
radcortez previously approved these changes May 22, 2020
View reviewed changes
Copy link
Member

@radcortez radcortez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a recommendation to complete the deprecated tag, but not a blocker imo.

implementation/src/main/java/io/smallrye/jwt/build/JwtEncryptionBuilder.java Show resolved Hide resolved
implementation/src/main/java/io/smallrye/jwt/build/JwtEncryptionBuilder.java Show resolved Hide resolved
implementation/src/main/java/io/smallrye/jwt/build/JwtEncryptionBuilder.java Show resolved Hide resolved
implementation/src/main/java/io/smallrye/jwt/build/JwtSignatureBuilder.java Show resolved Hide resolved
implementation/src/main/java/io/smallrye/jwt/build/JwtSignatureBuilder.java Show resolved Hide resolved
@sberyozkin
Copy link
Contributor Author

Hi @MikeEdgar @radcortez thanks, will deal with the comments

@sberyozkin
Copy link
Contributor Author

@MikeEdgar @radcortez I think I've addressed all the comments, cheers

MikeEdgar
MikeEdgar previously approved these changes May 25, 2020
View reviewed changes
Copy link
Member

@MikeEdgar MikeEdgar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sberyozkin
Copy link
Contributor Author

Hi Mike thanks, I've realized I forgot to update the docs (also updated the text related to the previous changes in sync with the similar Quarkus text, @bobbyphilip - minor update around the key properties to clarify when they are effective) - please check, I can merge later this evening if there will be no comments but if some wording/grammar can be improved then it will be fine.
CC @radcortez

radcortez
radcortez previously approved these changes May 25, 2020
View reviewed changes
@sberyozkin
Copy link
Contributor Author

@radcortez Thanks, I'll do another couple of minor updates :-)

@sberyozkin
Copy link
Contributor Author

Merging now as it has already been approved a few times, updated the text to refer to a key only as opposed to a public key or private key.

@sberyozkin sberyozkin merged commit f98c883 into smallrye:master May 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobbyphilip bobbyphilip bobbyphilip left review comments

@MikeEdgar MikeEdgar MikeEdgar left review comments

@radcortez radcortez radcortez left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.2.0
Development

Successfully merging this pull request may close these issues.
4 participants
@sberyozkin @bobbyphilip @radcortez @MikeEdgar