From 55b36f90b87da400849b6aea50022f9f340d1206 Mon Sep 17 00:00:00 2001 From: Joey Silberman Date: Wed, 20 Nov 2024 08:32:28 -0800 Subject: [PATCH] Feat/support unencoded jwt authorization requests (#40) * Add temporary support for unencoded JWT authorization requests * Remove unnecessary comment * use serde deserialize serialize derive for authorization response Signed-off-by: Ryan Tate * update url encoding for auth response Signed-off-by: Ryan Tate * fix unit tests Signed-off-by: Ryan Tate * use custom struct for json string encoded authorization response inner values Signed-off-by: Ryan Tate * allow unencoded authorization request Signed-off-by: Ryan Tate --------- Signed-off-by: Ryan Tate Co-authored-by: Joey Silberman Co-authored-by: Ryan Tate
---
 src/core/authorization_request/verification/did.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/core/authorization_request/verification/did.rs b/src/core/authorization_request/verification/did.rs
index cd69956..42fba26 100644
--- a/src/core/authorization_request/verification/did.rs
+++ b/src/core/authorization_request/verification/did.rs
@@ -40,6 +40,14 @@ pub async fn verify_with_resolver(
 bail!("request was signed with unsupported algorithm: {alg}")
 }
 
+ // This bypass is for unencoded JWT requests, but we will need to change this later
+ // so that trust is preserved when receiving unencoded requests
+ // NOTE: This requires that `Algorithm::None` is permitted in the wallet metadata
+ // Otherwise, this function will error in the previous assertion.
+ if alg.contains("none") {
+ return Ok(());
+ }
+
 let Json::String(kid) = headers
 .remove("kid")
 .context("'kid' was missing from jwt headers")?
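Review bot: The new `if alg.contains("none")` branch returns `Ok(())` before the `kid` lookup, so a request whose header declares `alg: none` is accepted with no DID resolution or signature check, and nothing then binds the request to the DID it claims as its client. The only gate visible here is the preceding supported-algorithm check, so any wallet whose metadata lists `none` would accept such requests from any sender; I would put this path behind an explicit opt-in and have the caller treat the result as unauthenticated rather than verified. `contains` is also a substring test, so, assuming `alg` is a string, compare exactly: `if alg == "none" {`. The body of `verify_with_resolver` starts and ends outside the hunk, so how `alg` is derived and what the caller does with `Ok(())` are not visible here.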