This extends the repository pattern introduced in https://github.com/keratin/authn/pull/30 for both IdentityJWT and PasswordResetJWT. It's a nice improvement, but still doesn't fix the problem with tests needing some kind of jwt helper with its own copy of the default claims.
While doing this, I also switched the PasswordResetJWT signing to HMAC. This reduces the use of the public signing key to only IdentityJWT, which reduces timing problems with potential key rotation (https://github.com/keratin/authn/issues/23).
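The HMAC signing choice described above, as an added example that is not part of this PR or of keratin/authn's code: a password reset token is issued and verified with one server-side secret, and verification is pinned to HS256 so no public key is involved. The claim names, secret, TTL and function names are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed secret for this example only; not a value from the project.
RESET_SECRET = 'constructed-example-secret'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def hs256(secret, input)
  OpenSSL::HMAC.digest('SHA256', secret, input)
end

# Compare two MACs without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue a short-lived reset token (hypothetical claim set: sub, scope, exp).
def issue_reset_token(account_id, secret, now: Time.now.to_i, ttl: 1800)
  header = b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))
  claims = b64url(JSON.generate({ 'sub' => account_id, 'scope' => 'reset', 'exp' => now + ttl }))
  input = "#{header}.#{claims}"
  "#{input}.#{b64url(hs256(secret, input))}"
end

# Return the claims hash for a valid token, nil for anything else.
def verify_reset_token(token, secret, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  # Accept only the algorithm this token type is issued with.
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = hs256(secret, "#{parts[0]}.#{parts[1]}")
  return nil unless secure_equal?(Base64.urlsafe_decode64(parts[2]), expected)
  claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  return nil unless claims.is_a?(Hash) && claims['scope'] == 'reset'
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue JSON::ParserError, ArgumentError
  nil # malformed base64 or JSON is treated as an invalid token
end
```

Because the same service both issues and verifies the reset token, the secret never has to be published or rotated in step with the identity token's key pair.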