Pass payload to keyfinder

[CodeMonkeySteve]

I have an app that I would like to authenticate to using tokens signed with HMAC (created by the app) or ECDSA (created by other companies), depending on the value of the issuer (iss) claim. I'm using the keyfinder block to implement that logic, but it needs to have the payload passed to it in order to find the appropriate public key for the issuer. To that end, I made a small change to pass both the header and payload to keyfinder, if it has arity of 2. Now my calling code looks like:

payload = JWT.decode(token, nil, true) do |header, payload|
  alg = header['alg']
  if alg.starts_with?('HS')
    # HMAC token
    Rails.application.secrets[:secret_key_base]

  elsif alg.starts_with?('ES') && (pub_key = Company.where(id: payload['iss']).pluck(:public_key).first)
    # ECDSA token
    OpenSSL::PKey::EC.new(pub_key)

  else
    nil
  end
end.first

[CodeMonkeySteve]

Added check that keyfinder returns a key.

[excpt]

I added a view comments to your changes. If you find the time you may fix them. Otherwise the PR looks good to me.

[excpt]

Please change your code to use yield instead of keyfinder.call (yield(header, playload) and yield(header)) and use a full if else condition statement instead of your ternary conditions.

key = if keyfinder.arity == 2
          yield(header, payload)
        else
          yield(header)

[CodeMonkeySteve]

With the arity check, I prefer call to yield, as it makes it more obvious that keyfinder is the block being called. But I'll defer to your style.

[excpt]

Code smell: There is an additional space in front of the unless key word.

[CodeMonkeySteve]

Apparently no one likes my style of putting two spaces before postfix conditionals, but I wouldn't call it a code smell. ;)

[CodeMonkeySteve]

Made style changes.

[excpt]

Thanks. :)