Closed secdec24 closed 3 years ago
Yep, I had attempted to fix the verification https://github.com/prince-chrismc/jwt-cpp/tree/boost-traits
I have never used boost json (or any boost library except asio a while back), but I think (actually I am pretty sure) the reason it fails is the following (from boost docs, highlight by me):
Instances of the object type are associative containers holding key and value pairs, where the key is a string_view and the mapped type is a value.
jwt-cpp expects a std::string
as key which is why it fails to compile. The reason why everything still works fine is because std::string_view
is implicitly convertible to std::string
and has a very similar interface. So on the first time it hits any other function call or assignment, its converted to std::string
and everything just works from there.
Given this, I think it's probably safe to change https://github.com/Thalhammer/jwt-cpp/blob/ac0424b115721e4066d2fb99f72ba0cd58759882/include/jwt-cpp/jwt.h#L1850 to use std::is_convertible
instead of std::is_same
, which should get rid of the error without being too lax.
I am not sure it's that easy, because the verification makes a lot of assumptions like adding to shrink strings.
Boost.JSON has an internal implementation below C++17... which is not convertible to std::string
and does not have the same API.
See https://github.com/boostorg/json/blob/5b45854bb0422d9a37d846c018535cc1004e1449/doc/qbk/07_faq.qbk#L61
string also implements an improved interface that replaces extraneous overloads with ones that use __string_view__
As OP mentions, creation is easy but they did not try to verify it with jwt-cpp
If I remove that static assert then I am able to successfully create a token. I have also been able to verify the resulting token using a separate library.
From the tests I have done the verification is a lot harder than it looks. You can check this commit https://github.com/prince-chrismc/jwt-cpp/commit/85d59657ad779ec9a8c6e953adadb4d5ee50597a and this one too https://github.com/prince-chrismc/jwt-cpp/commit/d7585d70a6ce2a2916c6453977a434891dcd497c to see how I tricked it to working along with the short comming I found.
Is support Boost.JSON standalone with C++17 requirement a good enough solution?
I got it working here
I have written an example on how to integrate Boost.JSON with this library. However, the following static assert:
in
jwt.h
line 1872 causes everyset_*
function to error when creating a JWT.The produced error is:
If I remove that static assert then I am able to successfully create a token. I have also been able to verify the resulting token using a separate library.
Before submitting a pull request to add this example to the code base, I would appreciate some discussion/insight as to why this is occurring.
Here is the complete example of the Boost.JSON integration.