-
Notifications
You must be signed in to change notification settings - Fork 831
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sign JSON Web Token (JWT) #772
Conversation
WIPFirst Implementation to see if the approach I took is the correct one. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @manute, a couple of comments but this looks fine to me.
@Jeffail I think I've addressed all the feedback, thanks |
Thanks @manute, this looks great. The pipeline will fail as the docs need generating with |
@manute @Jeffail I know this was merged, but I had a look at dgrijalva/jwt-go library and it looks like they have a preview release for a CVE as described here. Not sure if it's an issue for this use case. From the comments, it looks like form3 adopted a fork of it and made a bunch of security fixes. Then again, it seems this will be the new home for this library based on this conversation, but they just started moving it there. |
@mihaitodor thanks for the heads up. I believe this should be addressed in other PR, and when the official new home for this lib has added that sec issue. Because base on its README :
|
I agree. I opened an issue to keep track of this situation: #779. |
#769