Skip to content

fix: switch from jsonwebtoken to jose for jwt signing/verification #678

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: switch from jsonwebtoken to jose for jwt signing/verification #678

wants to merge 1 commit into from

Conversation

itslenny
Copy link
Contributor

What kind of change does this PR introduce?

Bug fix / enhancement

What is the current behavior?

We currently use jsonwebtoken for signing JWTs which is fully synchronous even when using the callback pattern

What is the new behavior?

Switch to jose for jwt signing which uses libuv to sign jwts asynchronously. Also, adds support for OKP (ed25519/Ed448) jwks.

@coveralls
Copy link

coveralls commented Apr 23, 2025
edited
Loading

Pull Request Test Coverage Report for Build 14644113930

Details

  • 86 of 105 (81.9%) changed or added relevant lines in 8 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.008%) to 77.531%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/http/plugins/jwt.ts 4 5 80.0%
src/http/plugins/signature-v4.ts 3 6 50.0%
src/internal/auth/jwt.ts 57 62 91.94%
src/config.ts 11 21 52.38%
Totals Coverage Status
Change from base Build 14620910983: 0.008%
Covered Lines: 16450
Relevant Lines: 21046
💛 - Coveralls

@itslenny
fix: switch from jsonwebtoken to jose for jwt signing/verification
7bd2b6c 
- Supports async jwt signing/verification using libuv
- Add support for OKP (ed25519/Ed448) jwks
- Cleaner implementation across jwt code
@itslenny itslenny force-pushed the fix/switch-from-jsonwebtoken-tojose branch from 1dfa516 to 7bd2b6c Compare April 24, 2025 14:24
fenos
fenos reviewed Apr 25, 2025
View reviewed changes
src/internal/auth/jwt.ts
// Generate a 64-byte random key, convert the secret key to Base64URL encoding (JWK standard)
const k = crypto.randomBytes(64).toString('base64url')
return { kty: 'oct', alg: 'HS256', k }
export async function generateHS512JWK(): Promise<JwksConfigKeyOCT> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this a breaking change?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fenos fenos fenos left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@itslenny @coveralls @fenos