Closed kaol closed 6 months ago
Yes, that's a good idea. I will introduce a new function for this purpose, call it negotiateBestJWSAlg
or something like that, and ping you when it is ready for review. I hope to find time in the next few weeks to do some work on jose.
@kaol please take a look at the feature/118-negotiate-alg
branch, which adds a negotiation function:
negotiateJWSAlg
:: (MonadError e m, AsError e)
=> JWK
-> Maybe (NonEmpty JWA.JWS.Alg)
-> m JWA.JWS.Alg
Please let me know if it meets your needs, and any other feedback.
Yes, that looks suitable for the purpose. Thanks. For reference, here's a version of openid-connect that uses it: https://github.com/KSF-Media/openid-connect/tree/feature/negotiate-JWS-alg
I could still suggest one change about it: Remove the Maybe
from the publicly exposed negotiateJWSAlg
and add a third internal function that's used by both bestJWSAlg
and negotiateJWSAlg
. IMHO that'd be a cleaner design, unless you're thinking of deprecating best
and would offer only negotiate
.
@kaol, thanks for the feedback. I will implement the API change you suggested. I have some other changes in progress but I'll aim for a new release during the Christmas break.
I think
bestJWSAlg
should take a list of algorithms supported by the recipient as well. The key may potentially support it but there's no guarantee that the recipient will recognize it. In particular, OpenID Connect's discovery document defines fieldsand in my case I was using
openid-connect
library which usesbestJWSAlg
which returnsPS512
but the provider I'm using only listsRS256
andHS256
in the discovery and usingPS512
got me only errors.