Skip to content

impl(auth): move away from jsonwebtoken #4403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
alvarowolfx wants to merge 13 commits into
base: main
Choose a base branch
from
Draft

impl(auth): move away from jsonwebtoken #4403

alvarowolfx wants to merge 13 commits into from

Conversation

@alvarowolfx
Copy link
Collaborator

@alvarowolfx alvarowolfx commented Jan 26, 2026

Towards #3947

@codecov
Copy link

codecov bot commented Jan 26, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 88.79310% with 13 lines in your changes missing coverage. Please review.
✅ Project coverage is 94.85%. Comparing base (91b9598) to head (83eae1b).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/auth/src/credentials/idtoken/verifier.rs 87.69% 8 Missing ⚠️
src/auth/src/credentials/internal/jwk_client.rs 90.19% 5 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4403      +/-   ##
==========================================
- Coverage   94.98%   94.85%   -0.13%     
==========================================
  Files         192      192              
  Lines        7280     7373      +93     
==========================================
+ Hits         6915     6994      +79     
- Misses        365      379      +14

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

coryan
coryan reviewed Jan 26, 2026
View reviewed changes
@alvarowolfx alvarowolfx changed the title impl(auth): move away from jsonwebtoken in favor of rsa directly impl(auth): move away from jsonwebtoken Jan 26, 2026
@alvarowolfx
Copy link
Collaborator Author

alvarowolfx commented Jan 26, 2026

@coryan another take on this, now trying to move most of the crypto related stuff to rustls, but to read public certificates as DER I had to add others crate lower level crates - spki and pkcs1, which were already part of the dependency tree IIUC.

@alvarowolfx alvarowolfx requested a review from coryan January 26, 2026 22:49
@coryan
Copy link
Collaborator

coryan commented Jan 26, 2026

@coryan another take on this, now trying to move most of the crypto related stuff to rustls, but to read public certificates as DER I had to add others crate lower level crates - spki and pkcs1, which were already part of the dependency tree IIUC.

I am warming up to this idea. Can you explore if rustls-pki-types has the features you need? That is also in our dependency tree, and it is at 1.x:

https://docs.rs/rustls-pki-types/latest/rustls_pki_types/struct.SubjectPublicKeyInfoDer.html

@alvarowolfx
Copy link
Collaborator Author

alvarowolfx commented Jan 26, 2026

@coryan another take on this, now trying to move most of the crypto related stuff to rustls, but to read public certificates as DER I had to add others crate lower level crates - spki and pkcs1, which were already part of the dependency tree IIUC.

I am warming up to this idea. Can you explore if rustls-pki-types has the features you need? That is also in our dependency tree, and it is at 1.x:

https://docs.rs/rustls-pki-types/latest/rustls_pki_types/struct.SubjectPublicKeyInfoDer.html

I tried that too, but JWK key sets comes as a pair of prime numbers that can be used to derive the certificate key. Looks like the rustls-pki-types expect the cert to be already in DER/bytes format. But will try a bit more here.

@alvarowolfx alvarowolfx mentioned this pull request Jan 27, 2026
Merged
coryan
coryan reviewed Jan 27, 2026
View reviewed changes
src/auth/Cargo.toml
@@ -71,7 +73,7 @@ mutants.workspace = true
default = ["default-idtoken-backend", "default-rustls-provider"]
# The `idtoken` feature enables support to create and validate OIDC ID Tokens.
# See the create top-level documentation for more information.
Copy link
Collaborator

@coryan coryan Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since you are here, I just noticed a typo "create" -> "crate's"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coryan coryan coryan left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alvarowolfx @coryan