Closed ybekdemir closed 4 years ago
Currently I'm working on it to make this possible.

Since the HS part of the algorithm definition in RFC 7519 is based on HMAC with SHA (hence the abbreviation HS), I'm proposing a change in the `settings.py` variables concerning the signature settings (currently `JWT_PRIVATE_KEY_RSA_<JWT_ISSUER>` and `JWT_PUBLIC_KEY_RSA_<JWT_ISSUER>`).

At least the "encryption"-relevant part should be of the form `JWT_SECRET_<JWT_ISSUER>`, since it is clearer for users with HS[256, 384, 512] where to put their secret.

For the users who configured either RSA or ECDSA (the rest of the specified suite, since the PS algorithms also use an RSA key pair), the "encrypting" private key also goes in `JWT_SECRET_<JWT_ISSUER>`.

The public key would get the variable `JWT_PUBLIC_KEY_<JWT_ISSUER>`, similar to the old scheme.

Please let me know if this proposal cannot be accepted.
Purpose

Currently the django-oauth-toolkit-jwt library supports only the "RS256" algorithm for the encode and decode functions, and it is hard-coded. To be more flexible we want to make the encoding algorithm configurable, and the encode and decode functions will get the algorithm type from the main project settings. We are using pyjwt as a core library and it supports the algorithms below:

We should set 'RS256' as the default algorithm.

Acceptance Criteria

GIVEN I am a developer WHEN I have defined `JWT_ALGORITHM` in my project settings THEN the JWT is generated with the defined algorithm

GIVEN I am a developer WHEN I have not defined `JWT_ALGORITHM` in my project settings THEN the JWT is generated with the 'RS256' algorithm
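The following is an added example, not code from django-oauth-toolkit-jwt or from the people in this thread. It shows how the two proposals above fit together: `JWT_ALGORITHM` is read from settings with `RS256` as the default, the key material is looked up under `JWT_SECRET_<ISSUER>` (an HMAC secret for HS*, the private key for RS/PS/ES) and `JWT_PUBLIC_KEY_<ISSUER>` (asymmetric algorithms only), and the verifier pins the algorithm from settings rather than trusting the token header. Assumptions: settings are a plain dict (a Django `settings` object would be read the same way), the HS path is implemented with the standard library's `hmac` instead of pyjwt so it runs offline, and the asymmetric path only resolves key material (no RSA/ECDSA signing without `cryptography`). The algorithm names are the ones pyjwt documents; the full list was omitted from the issue text.

```python
import base64
import hashlib
import hmac
import json

# Algorithm names pyjwt documents, grouped by the key material each needs.
# HS* is HMAC-with-SHA (symmetric); the rest need a private/public key pair.
HMAC_ALGS = {"HS256": "sha256", "HS384": "sha384", "HS512": "sha512"}
ASYMMETRIC_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512",
                   "ES256", "ES384", "ES512"}
DEFAULT_ALG = "RS256"  # the default the issue asks for


def resolve_signing_config(settings, issuer):
    """Return (algorithm, signing_key, verify_key) for an issuer.

    Setting names follow the scheme proposed in the thread (assumed here):
      JWT_ALGORITHM            -> algorithm, falls back to RS256
      JWT_SECRET_<ISSUER>      -> HMAC secret, or the private key for RS/PS/ES
      JWT_PUBLIC_KEY_<ISSUER>  -> public key, asymmetric algorithms only
    """
    alg = settings.get("JWT_ALGORITHM", DEFAULT_ALG)
    # Reject anything outside the known set, including "none".
    if alg not in HMAC_ALGS and alg not in ASYMMETRIC_ALGS:
        raise ValueError(f"unsupported JWT_ALGORITHM: {alg!r}")
    secret = settings.get(f"JWT_SECRET_{issuer}")
    if secret is None:
        raise ValueError(f"JWT_SECRET_{issuer} is not configured")
    if alg in HMAC_ALGS:
        # Symmetric: the same secret signs and verifies.
        return alg, secret, secret
    public = settings.get(f"JWT_PUBLIC_KEY_{issuer}")
    if public is None:
        raise ValueError(f"JWT_PUBLIC_KEY_{issuer} is not configured")
    return alg, secret, public


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def hs_encode(payload, secret, alg="HS256"):
    """Produce a compact JWS for an HS* algorithm using stdlib HMAC."""
    if alg not in HMAC_ALGS:
        raise ValueError(f"not an HMAC algorithm: {alg!r}")
    signing_input = f"{_json_segment({'alg': alg, 'typ': 'JWT'})}.{_json_segment(payload)}"
    sig = hmac.new(secret.encode(), signing_input.encode(), HMAC_ALGS[alg]).digest()
    return f"{signing_input}.{_b64url(sig)}"


def hs_decode(token, secret, expected_alg):
    """Verify and return the payload.

    The algorithm comes from settings (expected_alg), not from the token
    header, so a token cannot choose its own verification method.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != expected_alg:
        raise ValueError("algorithm mismatch")
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(),
                        HMAC_ALGS[expected_alg]).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    # Constructed settings for an issuer named "api".
    settings = {"JWT_ALGORITHM": "HS256", "JWT_SECRET_api": "constructed-demo-secret"}
    alg, signing_key, verify_key = resolve_signing_config(settings, "api")
    token = hs_encode({"sub": "user-1"}, signing_key, alg)
    print(hs_decode(token, verify_key, alg))
```

In the real library the `hs_encode`/`hs_decode` pair would be replaced by `jwt.encode(payload, signing_key, algorithm=alg)` and `jwt.decode(token, verify_key, algorithms=[alg])`; the part worth keeping is that `algorithms=[alg]` is populated from settings and never from the token.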