Closed navjot50 closed 2 years ago
I'm definitely open to the suggestions, I agree that the current enum naming can be confusing despite the summary stating which plugin each value is for.
Are there currently any other JWT plugins out there that can be used with WordPress?
Yeah, there are a few. Here are links:
https://wordpress.org/plugins/simple-jwt-login/ https://wordpress.org/plugins/api-bearer-auth/
I guess I can try to implement my ideas and submit it as a PR. Then, you can review and if it doesn't feel like an improvement we can simply discard the PR.
I just want to make sure we keep functionality of this library to real usecases and also don't do any unnecessary implementation work, but since there are such additional plugins you can go ahead with that. Thanks!
This should be done now with release2.0, right @navjot50 ?
Partially yes as we updated the Auth api with release 2.0. For supporting any Auth plugin can lead to some discussions but I guess you can close the issue for now.
Sounds good, V2 package was just published to nuget 🥳
Cheers 🍻
I think that the library can support any JWT Auth plugin as long as the plugin is exposing token generation via some REST endpoint. I would propose that we add an additional general method in
Auth
sub client which takes token generation details from the user and then query to get json response.Newtonsoft.Json
library can parse any arbitrary json and type it asJObject
. The token generation details can include subpath for the jwt endpoint, request body as json and the property name of the generated token in the response json. The property name will help to get the token from the parsed json response.Also, in the current api, the
AuthMethod
enum can be little confusing. The difference betweenJWT
andJWTAuth
is not clear by the api itself. I would expect theAuthMethod
to have values likeBasic
andBearer
. An additional enum can be created for the supported auth plugins. Something likeJWTPlugin
with more descriptive values likeJWTByEnriqueChavez
andJWTByUsefulTeam
. This new enum can then passed as argument to the existingRequestJWTokenAsync
method forAuth
client. So, the final api forAuth
client may look like:RequestJWTokenAsync(string username, string password, JWTPlugin jwtAuthPlugin)
RequestJWTokenAsync(JWTokenGenerationDetails jwtTokenGenerationDetails)
A similar method for ValidateJWTokenAsync can also be added.
where
JWTokenGenerationDetails
can be a C# record type likepublic record JWTokenGenerationDetails(string tokenRestSubPath, string requestBodyAsJson, string tokenPropertyPath)
.This could be a good compromise if any user is using any plugin different than the supported ones. Also, it can allow the flexibility if any of the supported plugin authors change the json structure which may break the library and give an interim fix for the users. Release 2.0 will be a good time for introducing breaking changes for enums.
I would be happy to submit PR for this.