You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2022/01/12 17:09:25 UTC
[couchdb] branch separate-json-decoding created (now 75d406e)
This is an automated email from the ASF dual-hosted git repository.
jaydoane pushed a change to branch separate-json-decoding
in repository https://gitbox.apache.org/repos/asf/couchdb.git.
at 75d406e Expose `decode/4` to skip decoding steps
This branch includes the following new commits:
new 75d406e Expose `decode/4` to skip decoding steps
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb] 01/01: Expose `decode/4` to skip decoding steps
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jaydoane pushed a commit to branch separate-json-decoding
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 75d406e8c144f1711a82971ab5fd1316ef66dc6a
Author: Jay Doane <ja...@apache.org>
AuthorDate: Wed Jan 12 08:46:16 2022 -0800
Expose `decode/4` to skip decoding steps
Currently, `decode/3` performs various checks on a JWT, and then
base64 decodes and finally JSON decodes the token. However, in some
cases, it's desirable to skip the decoding steps, and just return the
token payload in binary form.
This exposes `decode/4` where the 4th argument is a decoder fun that
defaults to `decode_b64url_json/1` for `decode/3` to retain existing
behavior, but also exposes `decode_passthrough/1` in case a client
wants to avoid any decoding steps.
---
src/jwtf/src/jwtf.erl | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index d62789b..1dedb36 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
@@ -20,6 +20,9 @@
-export([
encode/3,
decode/3,
+ decode/4,
+ decode_b64url_json/1,
+ decode_passthrough/1,
valid_algorithms/0,
verification_algorithm/1
]).
@@ -80,14 +83,18 @@ encode(Header = {HeaderProps}, Claims, Key) ->
% @doc decode
% Decodes the supplied encoded token, checking
-% for the attributes defined in Checks and calling
+% for the attributes defined in Checks, calling
% the key store function to retrieve the key needed
-% to verify the signature
+% to verify the signature, and decoding the Payload
+% with the Decoder, defaulting to decode_b64url_json/1.
decode(EncodedToken, Checks, KS) ->
+ decode(EncodedToken, Checks, KS, fun decode_b64url_json/1).
+
+decode(EncodedToken, Checks, KS, Decoder) ->
try
[Header, Payload, Signature] = split(EncodedToken),
validate(Header, Payload, Signature, Checks, KS),
- {ok, decode_b64url_json(Payload)}
+ {ok, Decoder(Payload)}
catch
throw:Error ->
{error, Error}
@@ -291,6 +298,9 @@ split(EncodedToken) ->
_ -> throw({bad_request, <<"Malformed token">>})
end.
+decode_passthrough(B64UrlEncoded) ->
+ B64UrlEncoded.
+
decode_b64url_json(B64UrlEncoded) ->
try
case b64url:decode(B64UrlEncoded) of