simonh1000 / elm-jwt Goto Github PK

Would it be a good idea to add an extra argument to the authenticate method, or maybe set some kind of default to include or add the csrf header to the elm http send request.

Right now it looks like i have to modify the JWT library itself to add in my csrf token header.

Hi, I saw your lib and found that there is 0 tests.

Hi

I cloned this repo and ran the npm install and gulp - but the elm does not compile:

-- NAMING ERROR -------------------------------------------------- ./src/App.elm

Cannot find variable `Jwt.checkTokenExpirey`.

138|             , Jwt.checkTokenExpirey token
                   ^^^^^^^^^^^^^^^^^^^^^
`Jwt` does not expose `checkTokenExpirey`. Maybe you want one of the following?

    Jwt.checkTokenExpiry

-- NAMING ERROR -------------------------------------------------- ./src/App.elm

This usage of variable `tokenDecoder` is ambiguous.

237|                         decodeToken tokenDecoder tokenString
                                         ^^^^^^^^^^^^
Maybe you want one of the following?

    Decoders.tokenDecoder
    Jwt.tokenDecoder

the first looks like a spelling mistake where checkTokenExpiry is spelled incorrectly - and the second one I'm not sure whether it should be decoding from Jwt or Decoders?

I'd like to check not just whether a token is expired, but whether it's close to expiry. To that extent, an API like the following would be great (which would easily allow implementing the current specialized functions):

getTokenExpirationMillis : String -> Result JwtError Int
getTokenExpirationMillis = ...

getTokenTimeToExpirationMillis : String -> Task JwtError Int
getTokenTimeToExpirationMillis = ...

What do you think? I'd be happy to provide a PR if you think this is a good idea.

I'd like to reuse the firebase decoder for a generic JWT-authenticated backend (postgrest specifically), which uses the standard exp, iat, user_id fields. However, this feels wrong with the existing API, because:

• it's not firebase
• the API docs don't state what the JWT is actually expected to look like

I'd suggest defining generic = firebase and documenting the behaviour of generic. What do you think?

Hi,

Thanks for this package 👍

My API gives a 204 response with no content, but this throw an HttpError:

HttpError (BadPayload "Given an invalid JSON: Unexpected end of JSON input" { status = { code = 204, message = "No Content" }, headers = Dict.fromList [("Content-Type","text/html; charset=UTF-8")], url = "http://madeupurl.com", body = "" })

Do you have any suggestions for how to handle this? I have tried this but still get the same error:

emptyDecoder : Json.Decoder String
emptyDecoder =
    Json.value |> Json.andThen (\_ -> Json.succeed "true")

Any plans to update to 0.19?

There are some error related to record field name. In some places is msg in others is errorMsg

Please create a minimal json-server auth example.

{-| createRequest creates a Http.Request with the token added to the headers, and
sets the `withCredentials` field to True.
-}
createRequest : String -> String -> String -> Http.Body -> Json.Decoder a -> Request a
createRequest method token url body dec =
    request
        { method = method
        , headers =
            [ header "Authorization" ("Bearer " ++ token) ]
        , url = url
        , body = body
        , expect = expectJson dec
        , timeout = Nothing
        , withCredentials = False
        }

The comment seems to contradict the source code.

base64 and base64url encoding are different in the last two characters used,
ie, base64 -> '+/', or base64url -> '-_'
see https://en.wikipedia.org/wiki/Base64#URL_applications

To make the decode Jwt.decodeToken function work I needed to add this simple function to pre-process the token:

unurl = 
    let fix c = 
          case c of 
            '-' -> '+'
            '_' -> '/'
            c   -> c
    in String.map fix

Then it works great.

This fix could be added to the elm-jwt library, or the base64 library expanded to include a urldecode version.

This is not really an error but more of an FYI.

The alternative to having Elm as it's own separate app is to add Elm into the Phoenix project itself (./web/elm is the currently favored directory) and add brunch-elm or use webpack instead of brunch. This causes a problem because mix wants to compile the example program from this package (which generates some errors). By default mix is going to include anything in the web directory and try and compile it.

For those coming to this via a google search. The better way to handle this is to use ./elm instead of ./web/elm inside your phoenix app. Which does require some changes to brunch or web pack config besides just moving the directory.

Hi! Recently a colleague split the bearer token because of some security reasons, thus I ended up having to do this in all my HTTP calls:

                , headers =
                    [ Http.header "x-signature-token" tokens.signatureToken
                    , Http.header "x-header-payload-token" tokens.headerPayloadToken
                    ]

Does it make sense to add Http.{get|delete|put|post} function libs to support that use case to this library? 🤔

Hi,

The link to the examples in your readme is pointing to : "https://github.com/simonh1000/elm-jwt/examples",
but that link is broken. It should be pointing to "https://github.com/simonh1000/elm-jwt/tree/master/examples".

Regards,
Fatih.

I just set up a phoenix project to try out jwt and I get the following error:
'== Compilation error on file lib/tinker_web/web/elm/elm-stuff/packages/simonh1000/elm-jwt/5.0.0/examples/phoenix/web/gettext.ex ==
warning: no configuration found for otp_app :jwt_example and module JwtExample.Endpoint
** (ArgumentError) unknown application: :jwt_example'

All though this was a good thing for me since I hadn't yet discovered the examples, they probably shouldn't be included in elm-stuff/ when building. (Had I placed my Elm code outside Phoenix it would be different of course.)