Warden::JWTAuth shipped a feature for Asymmetric algorithms which adds a configuration setting for decoding_secret. By default, this is setting is configured to use secret when it is not otherwise explicitly set.
Upon further testing, however, it was clear the defaults were working as expected in that repository. The issue turned out to be that the configuration was being prematurely "cached" as nil before secret was ever set in devise-jwt.
I'm not entirely sure the purpose the .to_h was serving in self.jwt; however, all of the specs still pass without those lines, the configuration looks correct / yielding the expected settings, and testing against the app that prompted this deep dive is resolved with this change.
Warden::JWTAuth
shipped a feature for Asymmetric algorithms which adds a configuration setting fordecoding_secret
. By default, this is setting is configured to usesecret
when it is not otherwise explicitly set.On first encounter and my limited testing, I thought the default behavior was not correctly working and submitted an issue on: https://github.com/waiting-for-dev/warden-jwt_auth/issues/44
Upon further testing, however, it was clear the defaults were working as expected in that repository. The issue turned out to be that the configuration was being prematurely "cached" as nil before
secret
was ever set in devise-jwt.Before:
Output of Devise::JWT.config
Output of Warden::JWTAuth.config
After:
Output of Devise::JWT.config
Output of Warden::JWTAuth.config
I'm not entirely sure the purpose the
.to_h
was serving inself.jwt
; however, all of the specs still pass without those lines, the configuration looks correct / yielding the expected settings, and testing against the app that prompted this deep dive is resolved with this change.