Closed cole-h closed 1 month ago
zhaofengli
commented
1 year ago Hi there, thanks for the PR! Using RS256 definitely makes more sense in production scenarios. I would appreciate if jwt_simple is used - I switched to it from jsonwebtoken specifically so that the token crate works inside WebAssembly.
cole-h
commented
1 year ago OK, done in 0a9d4938ef482cffdc2b5e09c7d1cfaad8001f52!
fd
commented
11 months ago This would be incredibly useful to us.
cole-h
commented
8 months ago Sorry for the delay -- pubkey-only validation is now supported as of 756fef8d5f35690faf3edcf1bbe928d36ffdeb32.
niklaskorz
commented
3 months ago @zhaofengli Are there any more required changes for this to be merged?
cole-h
commented
3 months ago (Probably one thing would be addressing the conflicts, which I've done now)
apexo
commented
1 month ago How is this better than HS256 in the context of attic? I've left a longer comment here: https://github.com/zhaofengli/attic/issues/95#issuecomment-2371520211
zhaofengli
commented
1 month ago I'll be merging this in #177.
Fixes https://github.com/zhaofengli/attic/issues/95.
While this adds support for RS256 JWTs, it does not remove support for HS256 JWTs. That said, it does recommend using RS256 in documentation.
We switched to using thejsonwebtokencrate since that's what we're most familiar with, but I can probably switch back tojwt_simpleif that is so desired.