Closed obrunsmann closed 1 week ago
ganigeorgiev
commented
1 week ago Please don't spam the issues tracker with requests without providing at least some details why this is needed in the first place.
If you are not sure how to describe the needed functionality then a Q&A discussion will be a better place for this type of posts.
In any case, I already have enough on my hands and I'm not planning adding or changing the JWT helpers.
obrunsmann
commented
1 week ago Thank you for your response, although I must admit I was a bit taken aback by the tone. I'm certainly not looking to spam the issues tracker and only posted here because I believe this functionality would be beneficial for many users.
To illustrate the necessity, consider the App Store Connect API, which requires specific JWT headers, including alg and kid. Without the ability to set custom headers directly in the JWT helper, it becomes challenging—if not impossible—to properly authenticate requests to the API. This is a standard requirement for many APIs that leverage JWT, where headers are part of the expected format for security and compatibility.
Additionally, if a JWT helper is included, it would make sense to support multiple algorithms, such as ES256, which is commonly used alongside RS256 in many authentication flows today. Flexibility in header customization and algorithm support would significantly broaden the utility of the helper across different APIs and use cases.
Thank you for considering these points, and please let me know if there’s a better place for discussions like this.
Example Docs: https://developer.apple.com/documentation/appstoreconnectapi/generating-tokens-for-api-requests
ganigeorgiev
commented
1 week ago @obrunsmann I'm sorry if this came out rude, but I'm not promising anything more than what is already published and I'm tired of users constantly demanding things without putting a little effort to even convince me why I need to dedicate my free time to work on the things they need.
I could understand why you may be bit taken aback by my tone but you have to keep in mind that this is a personal non-commercial project and I work on it on volunteer basis. It is not a startup, nor a business and technically it already suffice my use case (see presentator#183).
Unfortunately I still don't understand what actually is your end goal and how exactly do you plan to use the eventual JWT helpers.
The exposed JWT helpers are essentially direct mapping from the repo's Go security subpackage and currently only HS256 is supported out of the box because that is what PocketBase uses internally (if you want something to change in regards to them feel free to open a PR with your suggestion).
But in general, if you need more advanced functionality than what the JSVM offers I'd recommend using Go since you'll have full control over the application flow (note that there will be breaking changes in the upcoming v0.23.0 release; see develop CHANGELOG starting from the bottom).
obrunsmann
commented
1 week ago @ganigeorgiev Thank you for your detailed answer. I understand your points, especially because I have also managed some open source projects myself and therefore know the demands of many developers.
I didn't think about the fact that the functions are not implemented in Pocketbase at all, but only passed through. I have already started to implement the necessary functions directly in golang and understand that it is disproportionate to add more functions here.
Thanks for your advice on the next version!
I need to add a custom header to JWT. Currently only payload is possible.