Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: RS256 #10

Closed
sayore opened this issue Jun 6, 2020 · 10 comments
Closed

Feature Request: RS256 #10

sayore opened this issue Jun 6, 2020 · 10 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@sayore
Copy link

sayore commented Jun 6, 2020

I would like to check validity of Google Login JWT's which uses RS256.

Maybe this is already possible and i'm misinterpreting the README? If not, is it something you can/would implement?

@timonson
Copy link
Member

timonson commented Jun 6, 2020

Hi @edenprojectde , asymmetric signing algorithms like RS256 will be implemented as soon as deno expands its crypto library. You should be able to check the validity of Google's JWTs then. Right now only HMAC SHA-256 ("HS256"), HMAC SHA-512 ("HS512") and none (Unsecured JWTs) are implemented. I hope this answers your question.

@timonson timonson closed this as completed Jun 9, 2020
@sayore
Copy link
Author

sayore commented Jun 9, 2020

@timonson do you think they have this on their todo already? Can we push this a little by making an issue on the deno repo or maybe there is one?
Can't find it in the issues of deno as of right now.
Only found this PR: denoland/deno#6046

Edit: Ah i found this one: denoland/deno#1891

@timonson timonson reopened this Jun 9, 2020
@timonson timonson added the enhancement New feature or request label Jul 12, 2020
@invisal
Copy link

invisal commented Aug 20, 2020

I am working on one crypto library for Deno. Right now you can do verify with it. I still work on sign next. I hope if it will be helpful.
https://github.com/invisal/god_crypto/wiki/RSA#verify-rs256-jwt

@timonson
Copy link
Member

Thank you for letting me know @invisal ! I will take a closer look over the weekend. Is the goal of your library that it will be adopted into the official Deno repository at one point?

@invisal
Copy link

invisal commented Aug 20, 2020

The direction is not very clear. Currently, we will try to use WebCrypto if it is available, then fallback to our own implementation. So if you bundle our code and use it in browser, it use WebCrypto. If you use run using deno, then it will use pure Javascript implementation.

At some point, Deno will implement crypto library. It can be either

  • Deno will implement WebCrypto. In that case, we will work out of the box since we use WebCrypto
  • Deno will implement their own crypto, then, we will use WebCrypto in the browser, use deno crypto implemention, and fallback to our algorithm if user use algorithm that does not support in webcrypto and deno crypto.

At the end of day, we want to be thin layer wrapping around WebCrypto and deno crypto,

Right now, the library is still young and I try to go around the community and see which feature everyone need the most.

@timonson
Copy link
Member

timonson commented Sep 20, 2020

I just added the RS256 algorithm to the new rsa256 branch. Before I merge this branch to master I would love to get some code reviews for this branch @edenprojectde @alexander-eng @invisal @MariusVatasoiu @esquevin . You probably need an earlier deno version than 1.4.0 because the crypto library has not been updated yet. Please let me know when you looked at the added code. Thank you!

@timonson timonson added the help wanted Extra attention is needed label Sep 20, 2020
@timonson
Copy link
Member

I made a PR here: #34

Please comment if you find something.

Thanks!

@austenstone
Copy link

updates? 👀

@timonson
Copy link
Member

Hi @austenstone , the algorithms "RS256", "RS384" and "RS512" have been implemented. I am not familiar with Google Login JWT's, would you mind telling me, what options you are looking for? Thank you!

@austenstone
Copy link

Appreciate the response @timonson. I got it working after some difficulty with crypto.subtle.importKey.

See example for Authenticating as a GitHub App:
https://github.com/austenstone/github-pooled-notification-server/blob/main/communication/github.ts#L80-L119

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

4 participants