Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | util.jwt: More robust ECDSA signature parsing, fail early on unexpected length | Matthew Wild | 2022-09-30 | 1 | -1/+5 |
| | |||||
* | util.jwt: Add support for ES512 (+ tests) | Matthew Wild | 2022-09-29 | 1 | -0/+1 |
| | |||||
* | util.crypto, util.jwt: Generate consistent signature sizes (via padding) | Matthew Wild | 2022-09-29 | 1 | -4/+4 |
| | | | | | | This fixes the signature parsing and building to work correctly. Sometimes a signature was one or two bytes too short, and needed to be padded. OpenSSL can do this for us. | ||||
* | util.jwt: Add new init() convenience method to obtain both signer and verifier | Matthew Wild | 2022-07-11 | 1 | -0/+6 |
| | |||||
* | util.jwt: Consolidate payload parsing, ensure it's always a valid object | Matthew Wild | 2022-07-11 | 1 | -11/+13 |
| | |||||
* | util.jwt: Provide built-in token expiry support (defaults to 3600s lifetime) | Matthew Wild | 2022-07-11 | 1 | -3/+28 |
| | | | | | | | | To avoid every user of the library needing to add and verify expiry info, this is now handled by util.jwt itself (if not overridden or disabled). Issuing tokens that are valid forever is bad practice and rarely desired, and the default token lifetime is now 3600s (1 hour). | ||||
* | util.jwt: All the algorithms (+ all the tests!) | Matthew Wild | 2022-07-02 | 1 | -5/+12 |
| | | | | Except 'none'. Not implementing that one. | ||||
* | util.crypto: More digests for sign/verify, use macros for clarity/consistency | Matthew Wild | 2022-07-02 | 1 | -2/+2 |
| | |||||
* | util.jwt: Add support for RSA-based algorithms (RS256, PS256) | Matthew Wild | 2022-07-02 | 1 | -14/+35 |
| | |||||
* | util.jwt: Add support/tests for ES256 via improved API and using util.crypto | Matthew Wild | 2022-07-01 | 1 | -19/+121 |
| | | | | | | | | | | | In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility. | ||||
* | util.jwt: Use constant-time comparison with expected signature | Matthew Wild | 2021-05-13 | 1 | -1/+2 |
| | |||||
* | util.jwt: Basic JSON Web Token library supporting HS256 tokens | Kim Alvefur | 2020-02-24 | 1 | -0/+50 |