Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

builtins: Marshal JWT encode sign inputs as JSON #6934

Merged
merged 1 commit into from
Aug 15, 2024
Merged

builtins: Marshal JWT encode sign inputs as JSON #6934

merged 1 commit into from
Aug 15, 2024

Conversation

charlieegan3
Copy link
Contributor

@charlieegan3 charlieegan3 commented Aug 15, 2024
edited
Loading

Fixes #6925

This change modifies the io.jwt.encode_sign built-in to marshal the parameters as JSON before signing the JWT. The previous implementation was using String(), which was a sort of pseudo-JSON that was almost correct but used the wrong JSON syntax for the set type.

I have chosen to marshal the headers in the same way as the payload as the 'crit' header can also be an array type. I marshal the signature the same way for consistency with the other two.

The tokens have changed in the assertions for whitespace adjustments. Before the 'JSON' looked like this {"foo": "bar", "bar": "foo"} and now it looks like this {"foo":"bar","bar":"foo"}. This is a shame, but seemed acceptable.

@charlieegan3 charlieegan3 force-pushed the marshal-jwt-inputs branch 3 times, most recently from 5a24c65 to 52db6ed Compare August 15, 2024 10:24
@charlieegan3 charlieegan3 mentioned this pull request Aug 15, 2024
Closed
johanfylling
johanfylling approved these changes Aug 15, 2024
View reviewed changes
Copy link
Contributor

@johanfylling johanfylling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Regarding the whitespaces, this is within the confines of the spec, and arguably the produced JWTs are slightly smaller now 😄. Worst case, we're breaking a couple of unit tests out there.

@charlieegan3
builtins: Marshal JWT encode sign inputs as JSON
f6b490c 
Fixes open-policy-agent#6925

This change modifies the `io.jwt.encode_sign` built-in to marshal the
parameters as JSON before signing the JWT. The previous implementation
was using String(), which was a sort of pseudo-JSON that was almost
correct but used the wrong JSON syntax for the set type.

I have chosen to marshal the headers in the same way as the payload as
the 'crit' header can also be an array type. I marshal the signature the
same way for consistency with the other two.

Signed-off-by: Charlie Egan <charlie@styra.com>
@ashutosh-narkar ashutosh-narkar merged commit 14ff052 into open-policy-agent:main Aug 15, 2024
28 checks passed
@charlieegan3
Copy link
Contributor Author

Thanks both!

@charlieegan3 charlieegan3 deleted the marshal-jwt-inputs branch August 15, 2024 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanfylling johanfylling johanfylling approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

builtins: Error JWT but payload is not JSON when using io.jwt.encode_sign with set as payload value
3 participants
@charlieegan3 @johanfylling @ashutosh-narkar