Replace JSONWebTokens.jl with JWTs.jl #8
Closed
I played around a bit with JWTs.jl (and contacted Tanmay regarding the maintenance status of the package). My impression is that it should be possible to use it instead of JSONWebTokens.jl, and AFAICT it already includes the key id in the header (https://github.com/tanmaykm/JWTs.jl/blob/dece86f6a9f74258c7c5b463e8f71992cefa6ebc/src/JWTs.jl#L94 and https://github.com/tanmaykm/JWTs.jl/blob/dece86f6a9f74258c7c5b463e8f71992cefa6ebc/src/JWTs.jl#L153) which would require felipenoris/JSONWebTokens.jl#21 for JSONWebTokens.jl.
The PR is breaking due to changes in the configuration struct but the design is only very preliminary - I wonder e.g. if some of the setup in the test should be performed automatically (possibly as an alternative).
I tried to follow the specifications of the test server (also based the type and id of the signing key on https://launchsmarthealthit.org/v/r4/fhir/.well-known/openid-configuration or rather the jwks_uri specified therein) but unfortunately tests still fail. I wonder if some additional checks in https://github.com/smart-on-fhir/smart-launcher-v2/blob/3c79b5032adc576fba2e5d4258d61d4e0f189778/backend/routes/auth/token.ts#L252 are still violated but I tried to e.g. specify the same iss and sub (due to the check in https://github.com/smart-on-fhir/smart-launcher-v2/blob/3c79b5032adc576fba2e5d4258d61d4e0f189778/backend/routes/auth/token.ts#L309-L312) without success.
Never mind, I misunderstood the JWT/JWK design initially.
Any ideas @DilumAluthge?