-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolves #53 Smarter handling of keys marked for use with encryption #54
Resolves #53 Smarter handling of keys marked for use with encryption #54
Conversation
… and not returned by the keyfunc() method
Thank you for the PR! I'll review it tonight or tomorrow. |
As a note, JWTs in general have a valid use case for JWK whose Relevant links: |
…adding more structure around default values
Thank you for the high quality PR and discussion @trevorlyman! This contribution is much appreciated. I'll believe I'll be merging this PR shortly. I plan on making a few edits before tagging the next release. |
Great! Glad to see this addition get made so we adhere more closely to the RFC 🤓 |
When merging there were three options:
I wanted to make sure you ended up on the contributors page, so I selected the rebase and merge option. However, I think it had the opposite effect. I think I should have used the first option, the merge commit. I'm really sorry about that. I want you to get credit for your work here in a way that's easily viewable by someone visiting the project/contributors page. I'm putting a few things from the list of edits I have yet to do before the next release. If you'd like to, you could make a quick and easy PR for anything below and I'll merge it using the correct option to get you on the contributors page.
|
Thanks for noticing that issue. I would like to show as a contributor. Looks like the whole contribution was attributed to your account. If you're up for reverting those rebase commits I'm happy to submit the same PR again. If that's not an option I'll make one of the changes you mentioned above. |
I'll do this now. |
Done reverting. You should be able to submit the same PR again. Thank you for contributing! |
Looks like the commits from when I merged with the rebase and merge method do show up on your profile for contributions to this project: https://github.com/MicahParks/keyfunc/commits?author=trevorlyman I'm including this for anyone whose searching for if the rebase and merge method adds a new contributor to your repository because this is something I searched for a few hours ago. |
With this pull request, jwks now filters out all JWKs that are explicitly marked for use with encryption operations. Only keys with a
"use": "enc"
are affected. Keys without a"use"
value are not filtered as per the RFC.This is a somewhat harsh approach to enforcing correct key usage, but this package is currently focused around aiding with signature verification.