
Comments (3)

mike-engel commented on September 13, 2024

I mostly set a default because it seems like the most common algorithm is HS256, which would allow most users to avoid having to add an extra flag.

Has the industry moved onto a different algorithm by default? Maybe we can error if the algorithm doesn't match, rather than continue to decode? I think that might be a good middle ground solution which helps everyone. What do you think?

from jwt-cli.

codedust commented on September 13, 2024

From my experience, asymmetric algorithms like PS512 and PS512 are very common (and an absolute must) in scenarios where the authorization server and the resource server are not operated by the same entity. This article gives a great overview of asymmetric algorithms in the context of JWTs.

In general, being aware of the choice of algorithms for signature validation is a good thing. However, setting sane defaults is a good thing, too. With #133, the new warning message provides useful feedback when the algorithms didn't match:

    The JWT provided has a different signing algorithm ({:?}) than the one selected for validation ({:?})

Maybe the actual value of this change is the ability to provide a list of algorithms for signature validation. This is very useful when multiple variations of the same algorithm (e.g. PS256, PS384 and PS512) should be accepted.

To cut a long story short, I think we can also add the HSxxx algorithms as a default choice when #133 is merged. Would that be in your interest?

                      Arg::with_name("algorithms")
                         .help("a comma-separated list of algorithms to be used for signature validation. All algorithms need to be of the same family (HMAC, RSA, EC).")
+                        .default_value("HS512,HS384,HS256")
                         .takes_value(true)
                         .long("algs")
                         .short("A")
                         .possible_values(&SupportedAlgorithms::variants())

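The behaviour discussed above (a list of accepted algorithms that must all be from one family, and refusing to decode when the token's `alg` is not in that list) as a small added example; this is not jwt-cli's code, it uses only the Python standard library, only the HMAC family is actually verified, and the secret and claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: the families the --algs help text refers to.
FAMILY = {"HS256": "HMAC", "HS384": "HMAC", "HS512": "HMAC",
          "RS256": "RSA", "RS384": "RSA", "RS512": "RSA",
          "PS256": "RSA", "PS384": "RSA", "PS512": "RSA",
          "ES256": "EC", "ES384": "EC", "ES512": "EC"}
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Produce an HMAC-signed compact JWT (header.payload.signature)."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), HASHES[alg]).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify(token: str, secret: bytes, algs: list[str]) -> dict:
    """Return the claims only if the token's alg is in `algs` and the signature checks."""
    if len({FAMILY[a] for a in algs}) != 1:
        raise ValueError("All algorithms need to be of the same family (HMAC, RSA, EC)")
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    # Error out instead of continuing to decode: this also rejects "none" and any
    # attempt to present an RS/PS/ES header to an HMAC-only validator.
    if alg not in algs:
        raise ValueError(f"The JWT provided has a different signing algorithm ({alg!r}) "
                         f"than the one selected for validation ({algs!r})")
    if alg not in HASHES:
        raise NotImplementedError("only the HMAC family is verified in this example")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), HASHES[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not match")
    return json.loads(b64url_decode(body_b64))
```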

mike-engel commented on September 13, 2024

@codedust that works for me, I think

