Implement RFC-7797 / JWS (Detached Payload) #166 #272
finvu wants to merge 1 commit into mpdavis:master from
Is this validated? Working as expected? But Java jose4j and this are not giving me the same result. @chayan-datta @finvu Can you please help?
One minor suggestion @prajurock, after converting it to JSON string, please remove the spaces. It will give you the result you want.
Pull Request Overview
The PR implements support for RFC-7797 detached JWS payloads and updates the typ header per RFC7515.
- Added sign_detached function to sign JWS with detached payloads
- Updated verify and _load functions to handle detached payloads and incorporated new tests that validate both detached and encoded detached use cases
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/test_jws.py | Updated header "typ" to "JOSE" and added tests for detached JWS payloads |
| jose/jws.py | Introduced sign_detached, modified verify and _load to support detached mode, updated _encode_header header |
||
| Returns: | ||
| str: The string representation of the header, and signature in detached jws format | ||
| payload: the payload as received in the request or encoed if {"b4":True} header is passed in the call |
There are typographical errors in the sign_detached() docstring; 'encoed' should be 'encoded' and 'b4' should be 'b64'.
| else: | ||
| if "b64" in header and header["b64"] is True: | ||
| payload = _encode_payload(payload) | ||
| signing_input = b"".join([signing_input, payload]) |
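Review bot: The condition `"b64" in header and header["b64"] is True` leaves the payload unencoded whenever the header omits `b64`, but RFC 7797 defines the value as true by default when the parameter is absent, so a header without `b64` should take the `_encode_payload` branch. Testing for an explicit false instead, for example `header.get("b64", True) is not False`, would match the RFC default. Separately, the `b"".join` on the last line only yields a valid signing input if `signing_input` already ends in `.` at this point, which these lines do not show; a comment stating that invariant, or a test that fails without it, would settle the question.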
When a payload is provided for a detached JWS, concatenating signing_input and payload without a delimiter may produce an incorrect signing input. Consider reviewing whether a '.' separator is required to correctly reassemble the original signing input.
| signing_input = b"".join([signing_input, payload]) | |
| signing_input = b".".join([signing_input, payload]) |
This is a contribution for issue number #166. I have also observed that as per RFC 7515, section 4.1.9, the recommended value for the typ header should be "JOSE" and hence included that change as well. Two tests have been added: test_RSA256_detached() and test_RSA256_detached_encoded().
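The two points raised in this thread, the `.` separator in the signing input and the advice to remove spaces from the JSON string, are shown below in an added example that is not code from this PR or from python-jose. HS256 from the standard library stands in for the RS256 used in the PR's tests, and the function names, key and document are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> bytes:
    """Base64url without padding, as JWS uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def payload_part(header: dict, payload: bytes) -> bytes:
    # RFC 7797: "b64" defaults to true when absent; only false signs raw bytes.
    return payload if header.get("b64", True) is False else b64url(payload)

def signing_input(protected: bytes, header: dict, payload: bytes) -> bytes:
    # ASCII(BASE64URL(header)) || '.' || payload part: the '.' is always there.
    return protected + b"." + payload_part(header, payload)

def sign_detached(header: dict, payload: bytes, key: bytes) -> str:
    """Hypothetical helper: returns 'header..signature', payload sent separately."""
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    mac = hmac.new(key, signing_input(protected, header, payload), hashlib.sha256)
    return (protected + b".." + b64url(mac.digest())).decode()

def verify_detached(token: str, payload: bytes, key: bytes) -> bool:
    parts = token.split(".")
    if len(parts) != 3 or parts[1]:          # detached form has an empty middle
        return False
    protected = parts[0].encode()            # use the received bytes, never re-serialize
    header = json.loads(base64.urlsafe_b64decode(protected + b"=" * (-len(protected) % 4)))
    if header.get("alg") != "HS256":         # pin the algorithm on the verifier side
        return False
    mac = hmac.new(key, signing_input(protected, header, payload), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()), parts[2].encode())

# Constructed sample data
KEY = b"constructed-demo-key"
HEADER = {"alg": "HS256", "b64": False, "crit": ["b64"]}
DOC = {"txnid": "demo-1", "amount": 10}
COMPACT = json.dumps(DOC, separators=(",", ":")).encode()  # no spaces
SPACED = json.dumps(DOC).encode()                          # Python's default spacing
TOKEN = sign_detached(HEADER, COMPACT, KEY)

if __name__ == "__main__":
    print(TOKEN)
    print("compact bytes verify:", verify_detached(TOKEN, COMPACT, KEY))
    print("spaced bytes verify: ", verify_detached(TOKEN, SPACED, KEY))
```

With `"b64": false` the signature covers the payload bytes exactly as transmitted, so two serializations of the same JSON object are different messages and both sides have to sign and verify the same byte string.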