chore: support passing the publicKey in the 'kid' JWT header - Githubissues

thirdweb-dev / engine

The most powerful backend engine for web3 apps.

https://thirdweb.com/engine

Apache License 2.0

143 stars 52 forks source link

chore: support passing the publicKey in the 'kid' JWT header #553

Closed arcoraven closed 2 months ago

arcoraven commented 3 months ago

Example usage:

const payload = {};
const token = jsonwebtoken.sign(payload, privateKey, {
    algorithm: "RS256",
    expiresIn: "120s",
    keyid: publicKey,
});

// Set header `Authorization: Bearer ${token}` when calling Engine.

PR-Codex overview

The focus of this PR is to enhance authentication middleware by decoding JWT tokens and extracting public keys for keypair authentication.

Detailed summary

Updated JWT decoding to extract header and payload separately
Modified authentication logic to use extracted public key for keypair authentication

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}