-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: implement authenticateRequest and verifyToken helper methods #31
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, it looks good to me! I've added a few comments to be addressed.
Just to confirm, you've tested it and everything works as expected, right?
src/main/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequest.java
Outdated
Show resolved
Hide resolved
return new Builder(); | ||
} | ||
|
||
public static BuilderWithKey secretKey(String secretKey) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file contains quite a lot of nested classes and it's difficult to follow.
I understand the intention of providing a builder pattern that ensures you start with either a secret key or a jwt. But, I believe there might be ways to simplify it.
For example, can we have a single builder inner class with a private constructor which exposes two static methods jwtKey
and secretKey
to return an instance of the builder?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These two methods are now made available:
public static Builder secretKey(String secretKey) {
return Builder.withSecretKey(secretKey);
}
public static Builder jwtKey(String jwtKey) {
return Builder.withJwtKey(jwtKey);
}
let me know if I missed the mark
src/main/java/com/clerk/backend_api/helpers/jwks/VerifyToken.java
Outdated
Show resolved
Hide resolved
src/main/java/com/clerk/backend_api/helpers/jwks/TokenVerificationException.java
Outdated
Show resolved
Hide resolved
6c6e211
to
ca0e29d
Compare
Thanks for the review @alex-ntousias ! To run tests locally I have:
|
This PR implements authenticateRequest and verifyToken helper methods.
Notes
src/main/java/com/clerk/backend_api/helpers/
folder is .genignoredclerk-sdk-python
implementation, thesecretKey
should be passed manually. Due to sdkConfiguration being a private member ofClerk
class, thebearerAuth
value passed during sdk instantiation cannot be reused assecretKey
for convenience.Limitations
afterSignInUrl
/afterSignUpUrl
options are not implementedisSatellite
,proxyUrl
,signInUrl
,signUpUrl
) is not implementedskipJwksCache
option is not made availableTests
To run tests (
./gradlew test
) the following environment variables should be set:CLERK_SESSION_TOKEN
: The session token to be tested.CLERK_SECRET_KEY
: The Clerk secret key from the API Keys page in the Clerk Dashboard (needed for fetching Clerk's Jwks)CLERK_JWT_KEY
: The PEM public key from Clerk Dashboard (needed for networkless verification only)Example Usage
secretKey
)jwtKey
)