feat: jose asymmetric, closes #21

elysiajs / elysia-jwt

Plugin for Elysia for using JWT Authentication

MIT License

38 stars 16 forks source link

feat: jose asymmetric, closes #21 #22

Open LIMPIX31 opened 7 months ago

LIMPIX31 commented 7 months ago

Details

Asymmetric algorithms are not currently supported. At least I have not been able to get EdDSA to work as I described in #21.

Feature

Added support for asymmetric algorithms
Jose updated to version 5

How it works now

For asymmetric algorithms, use the privateKey and publicKey properties

const crv = 'Ed25519'
const d = 'N3cOzsFZwiIbtNiBYQP9bcbcTIdkITC8a4iRslrbW7Q'
const x = 'RjnTe-mqZcVls6SQ5CgW0X__jRaa-Quj5HBDREzVLhc'
const kty = 'OKP'

export const jwt = jwtPlugin({
  name: 'jwt',
  alg: 'EdDSA',
  exp: '30m',
  schema: user,
  privateKey: await importJWK({ crv, d, x, kty }, 'EdDSA'),
  publicKey: await importJWK({ crv, x, kty }, 'EdDSA')
})

As long as the PR is open

You can use this feature now

{
  "dependencies": {
    "@elysiajs/jwt": "github.com:LIMPIX31/elysia-jwt#8805cdfc6242f0bdb1079b26a46014f37fc08f7f"
  }
}

@SaltyAom

justin13888 commented 5 months ago

Was puzzled for a bit why EdDSA didn't work myself as well.

Will this be merged?

LIMPIX31 commented 5 months ago

@SaltyAom Any review on this? 🙃

justin13888 commented 5 months ago

@SaltyAom Any review on this? 🙃

I tried using the PR version in some test code (github.com:LIMPIX31/elysia-jwt#8805cdfc6242f0bdb1079b26a46014f37fc08f7f). It's great to be able to use asymmetric encryption for JWT.

EdDSA works but perhaps add some basic unit tests for all the other options to spot check.

Also, I noticed TypeScript type inferencing is broken unlike the latest release version. My test code looked something like this:

new Elysia().use(jwt({
  name: 'jwt',
  alg: 'EdDSA',
  exp: '30m',
  schema: user,
  privateKey: await importJWK({ crv, d, x, kty }, 'EdDSA'),
  publicKey: await importJWK({ crv, x, kty }, 'EdDSA')
}))
.get("/", ({ jwt}) => {...})

jwt would have type any when it should have a type.

LIMPIX31 commented 5 months ago

@SaltyAom Any review on this? 🙃

I tried using the PR version in some test code (github.com:LIMPIX31/elysia-jwt#8805cdfc6242f0bdb1079b26a46014f37fc08f7f). It's great to be able to use asymmetric encryption for JWT.

EdDSA works but perhaps add some basic unit tests for all the other options to spot check.

Also, I noticed TypeScript type inferencing is broken unlike the latest release version. My test code looked something like this:
new Elysia().use(jwt({
  name: 'jwt',
  alg: 'EdDSA',
  exp: '30m',
  schema: user,
  privateKey: await importJWK({ crv, d, x, kty }, 'EdDSA'),
  publicKey: await importJWK({ crv, x, kty }, 'EdDSA')
}))
.get("/", ({ jwt}) => {...})
jwt would have type any when it should have a type.

I don't have problems with types. What version of TS are you using? Try using 5.3.3.

P.S. I discarded the build commits in the main branch of my fork to be able to sync it