frasertweedale / hs-jose

Haskell JOSE and JWT library
http://hackage.haskell.org/package/jose
Apache License 2.0

Missing and future JWSHeader parameters #36

Closed sophie-h closed 7 years ago

sophie-h commented 7 years ago

IANA currently lists about 35 header parameters. JWSHeader implements about 11 of them. There are also drafts using keys that are not listed in the registry yet and I need to use them.

Is there already a way to add other parameters without creating a new type?

frasertweedale commented 7 years ago

Thanks for your feedback.

Many of the header parameters pertain specifically to JWE, which is not yet implemented.

For application-specific headers, yes, you can create a new type and instance HasParams and HasJWSHeader for it (see https://github.com/frasertweedale/hs-jose/blob/3348c55579d2e3d6ce02a9237ece12e4611a210e/test/JWS.hs#L56-L65). The approach is outlined in https://gist.github.com/frasertweedale/14b2436985ec3c0eabc32149e7bb4793. This needs to be documented more clearly and I will add something to the module haddock about how to do this.

Some JWT (RFC 7519) claim names are registered for optional use in JWE headers. See https://tools.ietf.org/html/rfc7519#section-5.3. JWE support is not implemented yet, hence no direct support for these header parameters.

For "b64" (RFC 7797), there is no support yet. This is a separate feature request and if you need this please open an issue.

The scope of this issue is thus to properly document how to extend the header type to support new, application-specific header parameters. Anything else should be a separate feature request.

sophie-h commented 7 years ago

Here is a very basic example adding a "nonce" field without parseParamsFor implemented.

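```haskell
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE TemplateHaskell #-}

import Control.Lens (makeLenses)
import Data.Aeson (toJSON)
import Crypto.JOSE.Header (HasParams(..), Protection(..))
import Crypto.JOSE.JWS (HasJWSHeader(..), JWSHeader)

-- AcmeJwsNonce is the poster's own type (definition not shown here);
-- it needs a ToJSON instance.

-- | Enhanced 'JWSHeader' with additional header parameters
data AcmeJwsHeader = AcmeJwsHeader
  { _jwsStandardHeader :: JWSHeader
  , _jwsAcmeHeaderNonce :: AcmeJwsNonce
  } deriving (Show)

makeLenses ''AcmeJwsHeader

instance HasParams AcmeJwsHeader where
  -- Emit "nonce" as a protected parameter, then the standard parameters.
  params x =
    [(Protected, ("nonce", toJSON (_jwsAcmeHeaderNonce x)))] ++
    params (_jwsStandardHeader x)
  -- Parsing is left unimplemented in this example.
  parseParamsFor = undefined

instance HasJWSHeader AcmeJwsHeader where
  jWSHeader = jwsStandardHeader
```
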
frasertweedale commented 7 years ago

@sophie-h I think I'm pretty much done for now with features, refactoring, documentation and examples, and it's time to cut a major release. Could you please test current master (0b1981ef2d29dc03e0c59ee0b3f14873189c4877) and let me know if it works for you and your ACME tool?

At this stage, I'm planning to release about one week from now.

sophie-h commented 7 years ago

> Could you please test current master (0b1981e) and let me know if it works for you and your ACME tool?

To support version 0.6 I have "26 insertions(+), 51 deletions(-)"

hemio-ev/libghc-acme@5a6e69b3d791226fb2768bcf03629c700924d0fe

All my tests are passing. That makes a very nice hs-jose version for me! Thanks!
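
What the `Protected` marker on the "nonce" parameter earlier in this thread means on the wire, as an added example that is not from the thread or from hs-jose: a flattened JWS whose verifier accepts the nonce only from the signed, protected header. HS256 stands in for the asymmetric signatures ACME uses so that the block needs only the Python standard library; the key, nonce and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"     # constructed sample key
NONCE = "constructed-nonce-0001"  # constructed sample nonce

def b64u(data):  # base64url without padding, as JWS uses
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key, jws):
    # Signing input: BASE64URL(protected header) || "." || BASE64URL(payload)
    signing_input = (jws["protected"] + "." + jws["payload"]).encode()
    return hmac.new(key, signing_input, hashlib.sha256).digest()

def sign(key, protected, payload, unprotected=None):
    """Build a flattened JWS JSON object (HS256 only)."""
    jws = {"protected": b64u(json.dumps(protected).encode()),
           "payload": b64u(payload)}
    if unprotected:
        jws["header"] = unprotected  # not part of the signing input
    jws["signature"] = b64u(mac(key, jws))
    return jws

def verified_nonce(key, jws):
    """Return the nonce only if it sits in the signed, protected header."""
    if not hmac.compare_digest(mac(key, jws), b64u_dec(jws["signature"])):
        raise ValueError("bad signature")
    protected = json.loads(b64u_dec(jws["protected"]))
    if protected.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if "nonce" not in protected:
        raise ValueError("nonce not in protected header")
    return protected["nonce"]

def demo():  # valid, nonce left unprotected, nonce swapped after signing
    good = sign(KEY, {"alg": "HS256", "nonce": NONCE}, b"{}")
    loose = sign(KEY, {"alg": "HS256"}, b"{}", {"nonce": NONCE})
    swapped = dict(good, protected=b64u(b'{"alg":"HS256","nonce":"other"}'))
    results = []
    for jws in (good, loose, swapped):
        try:
            results.append(verified_nonce(KEY, jws))
        except ValueError as err:
            results.append("rejected: " + str(err))
    return results

if __name__ == "__main__":
    print(demo())
```

A nonce carried only in the unprotected `header` member can be replaced without invalidating the signature, which is why the verifier refuses to read it from there.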