Feature Request: RS256

[sayore]

I would like to check validity of Google Login JWT's which uses RS256.

Maybe this is already possible and i'm misinterpreting the README? If not, is it something you can/would implement?

[timonson]

Hi @edenprojectde , asymmetric signing algorithms like RS256 will be implemented as soon as deno expands its crypto library. You should be able to check the validity of Google's JWTs then. Right now only HMAC SHA-256 ("HS256"), HMAC SHA-512 ("HS512") and none (Unsecured JWTs) are implemented. I hope this answers your question.

[sayore]

@timonson do you think they have this on their todo already? Can we push this a little by making an issue on the deno repo or maybe there is one?
Can't find it in the issues of deno as of right now.
Only found this PR: denoland/deno#6046

Edit: Ah i found this one: denoland/deno#1891

[invisal]

I am working on one crypto library for Deno. Right now you can do verify with it. I still work on sign next. I hope if it will be helpful.
https://github.com/invisal/god_crypto/wiki/RSA#verify-rs256-jwt

[timonson]

Thank you for letting me know @invisal ! I will take a closer look over the weekend. Is the goal of your library that it will be adopted into the official Deno repository at one point?

[invisal]

The direction is not very clear. Currently, we will try to use WebCrypto if it is available, then fallback to our own implementation. So if you bundle our code and use it in browser, it use WebCrypto. If you use run using deno, then it will use pure Javascript implementation.

At some point, Deno will implement crypto library. It can be either

• Deno will implement WebCrypto. In that case, we will work out of the box since we use WebCrypto
• Deno will implement their own crypto, then, we will use WebCrypto in the browser, use deno crypto implemention, and fallback to our algorithm if user use algorithm that does not support in webcrypto and deno crypto.

At the end of day, we want to be thin layer wrapping around WebCrypto and deno crypto,

Right now, the library is still young and I try to go around the community and see which feature everyone need the most.

[timonson]

I just added the RS256 algorithm to the new rsa256 branch. Before I merge this branch to master I would love to get some code reviews for this branch @edenprojectde @alexander-eng @invisal @MariusVatasoiu @esquevin . You probably need an earlier deno version than 1.4.0 because the crypto library has not been updated yet. Please let me know when you looked at the added code. Thank you!

[timonson]

I made a PR here: #34

Please comment if you find something.

Thanks!

[austenstone]

updates? 👀

[timonson]

Hi @austenstone , the algorithms "RS256", "RS384" and "RS512" have been implemented. I am not familiar with Google Login JWT's, would you mind telling me, what options you are looking for? Thank you!

[austenstone]

Appreciate the response @timonson. I got it working after some difficulty with crypto.subtle.importKey.

See example for Authenticating as a GitHub App:
https://github.com/austenstone/github-pooled-notification-server/blob/main/communication/github.ts#L80-L119