Renamed ClaimImpl.kt to JsonClaim.kt. Cached base64Decoder. Generated IMPROVEMENTS.md. #2
tberchanov wants to merge 3 commits into main from
Conversation
|
|
||
| ## 🚨 Critical Security Issues | ||
|
|
||
| ### 1. No Signature Verification |
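Review bot: the `### 1. No Signature Verification` entry under `## 🚨 Critical Security Issues` should say in its first sentence what the gap means for integrators: as things stand every claim the library returns is unauthenticated and must not drive an authorization decision until a verifier exists. The heading alone names the gap without that consequence; suggest a `**Current State**:` line in the same form the later items use.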
Initially this repo had an exact purpose: decode tokens, just to be able to fetch parts from a string and use them. As the initial codebase was not great from the implementation point of view, we can proceed with a better implementation. I'm going to create an issue for this: #3
| fun verify(jwt: JWT): VerificationResult | ||
| } | ||
|
|
||
| sealed class VerificationResult { |
| ``` | ||
|
|
||
| ### 2. No Algorithm Validation | ||
| **Current State**: No validation of the algorithm specified in the JWT header. |
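Review bot: item 2 should state the fix, not only the gap: the `alg` value in the header must never select the verification algorithm; the caller supplies the expected algorithm and key, and `none` is rejected outright. The `fun verify(jwt: JWT): VerificationResult` signature shown above takes only the token, so the caller has no way to pass that expectation; suggest something like `fun verify(jwt: JWT, expected: Algorithm, key: Key): VerificationResult` (parameter names hypothetical).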
Should this be part of the constructor and throw an exception?
| ### 3. No Input Validation | ||
| **Current State**: Accepts any string input without validation. | ||
|
|
||
| **Code Example**: |
Sounds valid.
Question: use required in the constructor or throw other exceptions?
|
|
||
| companion object { | ||
| private const val MAX_TOKEN_LENGTH = 8192 | ||
| private val TOKEN_PATTERN = Regex("^[A-Za-z0-9+/=_-]+\\.([A-Za-z0-9+/=_-]+)\\.([A-Za-z0-9+/=_-]*)$") |
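Review bot: `TOKEN_PATTERN` mixes the plain base64 alphabet (`+`, `/`, `=`) with base64url (`-`, `_`), while JWS compact serialization (RFC 7515) uses unpadded base64url only, so the pattern admits input the decoder should reject; suggest restricting each segment to `[A-Za-z0-9_-]`. The third segment is quantified with `*`, so an empty signature (an unsecured JWT) passes the check; if that is intended it deserves a comment. The capture groups are also inconsistent: the first segment is not captured while the other two are. A one-line comment naming the three segments (header, payload, signature) would make the regex readable without regex fluency.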
An explanation for non-regex-friendly devs might be useful.
| ### 16. Missing Sample Applications | ||
| **Current State**: No example applications demonstrating how to use the JWTDecode library. | ||
|
|
||
| **Missing Examples**: |
Android &amp; iOS apps are present; for other platforms we are gonna go when the basic APIs are gonna be stable.
|
|
||
| ### 17. Add Key Management | ||
| **Implementation**: | ||
| ```kotlin |
| ### 18. Add Streaming Support | ||
| **Implementation**: | ||
| ```kotlin | ||
| // For large JWTs |
| ### 19. Add Batch Processing | ||
| **Implementation**: | ||
| ```kotlin | ||
| interface JWTBatchProcessor { |
| ## 🔄 Future-Proofing Areas | ||
|
|
||
| ### 20. Add Plugin System | ||
| **Implementation**: |
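Review bot: item 18 `Add Streaming Support`, commented `// For large JWTs`, sits in the same document as `MAX_TOKEN_LENGTH = 8192` in item 3; the two need reconciling, either by stating that streaming raises or replaces that cap, or by dropping streaming, since a signed token has to be read in full before its signature can be checked and gains little from being streamed. Item 17 `Add Key Management` should also say where verification keys come from and how they are pinned, because the verifier proposed in item 1 cannot exist without that.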
No description provided.