Merge pull request #2007 from coralproject/base64-secret

Base64 Secret Encoding
This commit is contained in:
Kim Gardner
2018-10-19 18:45:12 +01:00
committed by GitHub
2 changed files with 20 additions and 2 deletions
+15 -2
View File
@@ -246,6 +246,21 @@ Refer to the documentation for [TALK_JWT_ALG](#talk-jwt-alg) for other signing
methods and other forms of the `TALK_JWT_SECRET`. If you are interested in using
multiple keys, then refer to [TALK_JWT_SECRETS](#talk-jwt-secrets).
You can also encode your secret as a base64 string (if you are using a symmetric
algorithm) as long as you prefix it with `base64:`. For example:
```plain
TALK_JWT_SECRET={"secret": "base64:dGVzdA=="}
```
Would be the same as:
```plain
TALK_JWT_SECRET={"secret": "test"}
```
As `dGVzdA==` is just `test` encoded using base64.
## TALK_JWT_SECRETS
Used when specifying multiple secrets used for key rotations. This is a JSON
@@ -271,7 +286,6 @@ Note that the secret is stored in a JSON object, keyed by `secret`. This is only
needed when specifying in the multiple secrets for `TALK_JWT_SECRETS`, but may
be used to specify the single [TALK_JWT_SECRET](#talk-jwt-secret).
When the value of [TALK_JWT_ALG](#talk-jwt-alg) is **not** a `HS*` value, then
the value of the `TALK_JWT_SECRETS` should take the form:
@@ -282,7 +296,6 @@ TALK_JWT_SECRETS=[{"kid": "1", "private": "<my private key>", "public": "<my pub
Refer to the documentation on the [TALK_JWT_ALG](#talk-jwt-alg) for more
information on what to store in these parameters.
## TALK_JWT_SIGNING_COOKIE_NAME
The default cookie name that is use to set a cookie containing a JWT that was
+5
View File
@@ -120,6 +120,11 @@ function SharedSecret({ kid = undefined, secret = null }, algorithm) {
throw new Error('Secret cannot have a zero length');
}
// If the secret is base64 encoded, then decode it!
if (secret.startsWith('base64:')) {
secret = Buffer.from(secret.substring(7), 'base64').toString();
}
return new Secret({
kid,
signingKey: secret,