Closed grempe closed 8 years ago
grempe
commented
8 years ago Thanks for merging PR over in your jwt_claims gem this morning. Perhaps you can merge this one too? A release is needed only to cover the change to expand which versions of the json gem are allowed.
Cheers.
grempe
commented
8 years ago I see Travis CI build failed on the merged commits. I think this is a Travis CI temporary env issue though. Submitting another commit would probably clear it I think. It only failed on 2.3.1 (which I tested against locally):
https://travis-ci.org/garyf/json_web_token/jobs/166263031
If you could push a new release as well to resolve the json dependency issue that would be great.
Thanks
garyf
commented
8 years ago I am inclined to bump the json runtime dependency to '~>= 2.0'
grempe
commented
8 years ago Thanks for the release. The only thing I would be concerned about is whether you can use json ~> 2.0 with the older rubies that you currently support. I didn't want to take away support for anything that you were currently supporting.
I know there are some issues where older MRI rubies can be sensitive about which json gem is installed but I can't find a good resource for that at the moment.
I think if you change travis.yml and the readme to support only Ruby >= 2.2 you would be in good shape for that change. I think it might also make sense to drop the 2.0 and 2.1 rubies which are already at or near EOL (especially since this is a security sensitive library).
grempe
commented
8 years ago PS - Here is the link to my WIP Rack middleware to do JWT authentication using your gems.
https://github.com/grempe/rack-json_web_token_auth
The docs are still a work in progress, and I plan to change the use of excluded paths in favor of whitelisted paths. Its pretty well tests and I think covering most of the scenarios. I'd love to get any feedback.
grempe
commented
8 years ago FYI, I've made some pretty substantial updates to the gem I linked to above and fleshed out the README.
https://github.com/grempe/rack-json_web_token_auth
It now has a much better DSL for specifying both protected and unprotected paths. You can also set JWT config on a per resource basis which was a key design goal. The old 'excluded' paths are gone.
https://github.com/grempe/rack-json_web_token_auth
Love to hear any feedback you may have now that its pushed to Rubygems as v0.1.0 (pre-release)
Don't worry, I won't bug you about this anymore if you don't care to take a look. :-)
This is a companion pull request to https://github.com/garyf/jwt_claims/pull/2 which addresses the same gem modernization issues (in addition to fixes).