Closed dvsekhvalnov closed 8 years ago
dvsekhvalnov
commented
8 years ago @leastprivilege, added HS-* and RS-* signing and keys management based on PCLCrypto.
Looks all working at first glance (at least unit tests are passing). Added little bit of docs and uploaded jose-pcl.nupkg to git, so you can grab it and try to see if it is working for you.
For now, let's see what your feedback will be and then decide where to go next.
leastprivilege
commented
8 years ago Will do over the weekend. Thanks! — cheers Dominick Baier
leastprivilege
commented
8 years ago Hey
it loads fine in Xamarin -
i tried this:
string token = JosePCL.Jwt.Encode (payload, JosePCL.JwsAlgorithms.None, null);
which gives me a not implemented exception. is that expected?
at JosePCL.Jwt.Encode (System.String payload, System.String signingAlgorithm, System.Object key) [0x00000] in <filename unknown>:0
at JoseTest.ViewController.TestButton_TouchUpInside (System.Object sender, System.EventArgs e) [0x00021] in /Users/dominick/Projects/JoseTest/JoseTest/ViewController.cs:28
at UIKit.UIControlEventProxy.Activated () [0x00007] in /Users/builder/data/lanes/2966/58ba2bc3/source/maccore/src/UIKit/UIControl.cs:37
at (wrapper managed-to-native) UIKit.UIApplication:UIApplicationMain (int,string[],intptr,intptr)
at UIKit.UIApplication.Main (System.String[] args, IntPtr principal, IntPtr delegate) [0x00005] in /Users/builder/data/lanes/2966/58ba2bc3/source/maccore/src/UIKit/UIApplication.cs:77
at UIKit.UIApplication.Main (System.String[] args, System.String principalClassName, System.String delegateClassName) [0x00038] in /Users/builder/data/lanes/2966/58ba2bc3/source/maccore/src/UIKit/UIApplication.cs:61
at JoseTest.Application.Main (System.String[] args) [0x00008] in /Users/dominick/Projects/JoseTest/JoseTest/Main.cs:12 looking at your nuspec - there might be an issue. If i find time later today i gonna try to change it and package locally. I'll let you know.
leastprivilege
commented
8 years ago hm - not sure what's going on.
I forked your solution and added unit tests running on standard .NET
https://github.com/leastprivilege/jose-pcl
I also get "not supported exceptions" in the tests.
I need to do more investigation.
dvsekhvalnov
commented
8 years ago @leastprivilege are you sure you running latest code from master?
Try https://github.com/dvsekhvalnov/jose-pcl/blob/master/jose-pcl.0.0.1.nupkg i rebuilt one before commit.
leastprivilege
commented
8 years ago i did. It throws when calling ExportKeyBlob IIRC - so in PclCrypto i think.
leastprivilege
commented
8 years ago i need to have a closer look - but on my way to the airport right now.
dvsekhvalnov
commented
8 years ago That's may be a thing. You are trying to run on IOS or Android? They probably don't support BCrypt.
I only tried .NET 4.5 and windows 8.1 when was playing with PCLCrypto.
Let me see if i can change from BCrypt to something else.
leastprivilege
commented
8 years ago but thats also happening in my .net45 test project - clone my fork to check
dvsekhvalnov
commented
8 years ago @leastprivilege , couple things here:
leastprivilege
commented
8 years ago OK - will try later.
leastprivilege
commented
8 years ago Hey,
got it working with the new nuget!
Here's the decoded content (with HS256)
dvsekhvalnov
commented
8 years ago Okay, solves your issue? :)
i can push to nuget.org if you feel it is good enough.
leastprivilege
commented
8 years ago let me try it in the context of our lib. I will let you know!
leastprivilege
commented
8 years ago Push it to nuget please - as a pre-release. That's easier for me to consume.
dvsekhvalnov
commented
8 years ago Hey, sorry for delay, @leastprivilege .
Here you go: https://www.nuget.org/packages/jose-pcl
leastprivilege
commented
8 years ago Thanks! I am slow as well - hope to find more time over the weekend.
— cheers Dominick Baier
On 19 March 2016 at 13:41:53, dvsekhvalnov (notifications@github.com) wrote:
Hey, sorry for delay, @leastprivilege .
Here you go: https://www.nuget.org/packages/jose-pcl
— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub
leastprivilege
commented
8 years ago hey - that's interesting
dvsekhvalnov
commented
8 years ago Do you want me to update to latest PCLCrypto?
leastprivilege
commented
8 years ago Getting rid of the mono dependency sounded like a good reason to do that. Wanna give it a try?
dvsekhvalnov
commented
8 years ago @leastprivilege , let's wait for your results. Before making further development, would be nice to know that all is working as expected :)
leastprivilege
commented
8 years ago OK
leastprivilege
commented
8 years ago I published the 1st version. thanks for your help.
https://github.com/IdentityModel/IdentityModel.OidcClient
I need a couple more features - will open new issues ;)
escamoteur
commented
8 years ago Hi,
I was just looking for a PCL implementation of JWT. Can the lib already be used? Will it support encryption in future?
Thanks Thomas
dvsekhvalnov
commented
8 years ago Hi @escamoteur ,
sure you can use it, it is published on nuget.org now.
About future enhancements - it was experimental work to replace crypto layer based on portable PCLCrypto implementation. If there are some interest in library i can add more capabilities like encryption, e.t.c.
I obviously don't have any ETA at the moment, since i don't know how much interest to this library yet.
You can also take a look at: https://github.com/dvsekhvalnov/jose-rt which provides better coverage of algorithms if portable layer is not a concern.
escamoteur
commented
8 years ago Actually with the aquisition of Xamarin by MS I think the interest in a PCL will rise. Alone in the last two days I read quesions about JWT and Xamarin. I already use it and so far it seems to work. I deserialized with JSON.net as there is no templated Decode at the moment in the lib.
dvsekhvalnov
commented
8 years ago Ok, well then i'll probably add some encryption. But as said don't have any ETA for this at the moment.
Are you interested in some specific encryption algorithms?
escamoteur
commented
8 years ago Actually encryption is not that important to me at the moment, but as the Windows lib offers it, the "mobile client" should be able to consume it.
dvsekhvalnov
commented
8 years ago Usually for most use-cases HS-* and RS-* signing is enough :)
But yeah, i don't mind to add more stuff once have time.
escamoteur
commented
8 years ago Your are probly right. But what would be really nice were if you could add Templated Decode, so that I don't have to use JSON.net
dvsekhvalnov
commented
8 years ago What do you mean by "templated Decode" ?
escamoteur
commented
8 years ago Decode
dvsekhvalnov
commented
8 years ago There is Decode in library, see: https://github.com/dvsekhvalnov/jose-pcl#verifying-and-decoding-tokens
are you looking for something else?
escamoteur
commented
8 years ago But not with a Type parameter like in the full version. I can't do like that
JwtToken payload = Jose.JWT.Decode
Where JwtToken is:
public class JwtToken
{
public string sub;
public long exp;
}Yeah, i see now. Was it so useful? I was thinking to completely remove it since it is so easy to implement outside :)
escamoteur
commented
8 years ago It just makes the code look much more eleganz :-) Compare:
var payload = Jose.JWT.Decode<JwtToken>(jwtToken, JwtToken.SecretKey);to
currentJwTString = JosePCL.Jwt.Decode(result.JwtToken, JwtToken.SecretKey);
currenJwtToken = JsonConvert.DeserializeObject<JwtToken>(currentJwTString);:) ok, i'll see what we can do to improve it.
dvsekhvalnov
commented
8 years ago looks like it is working, closing for now :)
Hi @leastprivilege,
i pushed initial skeleton for nuget package, it supports only None (Plaintext) alg so far. Pretty useless in real life but i want to make sure the package is portable and can be used with Xamarin or other targets you are interested in.
So if you can grab source, compile and run ./build-nupkg.cmd to assemble .nupkg file and then try to reference it in your project and run simple tests, like:
would be awesome.
I'll start digging to PCLCrypto in the mean time.