[couchdb] branch 3.x updated: Expose `decode/4` to skip decoding steps

Wed, 12 Jan 2022 12:27:20 -0800 

This is an automated email from the ASF dual-hosted git repository.

jaydoane pushed a commit to branch 3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git


The following commit(s) were added to refs/heads/3.x by this push:
     new 7954aca  Expose `decode/4` to skip decoding steps
7954aca is described below

commit 7954acafa0ab8bc1b8738e66471ea999bcb89ccd
Author: Jay Doane <[email protected]>
AuthorDate: Wed Jan 12 08:46:16 2022 -0800

    Expose `decode/4` to skip decoding steps
    
    Currently, `decode/3` performs various checks on a JWT, and then
    base64 decodes and finally JSON decodes the token. However, in some
    cases, it's desirable to skip the decoding steps, and just return the
    token payload in binary form.
    
    This exposes `decode/4` where the 4th argument is a decoder fun that
    defaults to `decode_b64url_json/1` for `decode/3` to retain existing
    behavior, but also exposes `decode_passthrough/1` in case a client
    wants to avoid any decoding steps.
---
 src/jwtf/src/jwtf.erl | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index d62789b..1dedb36 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
@@ -20,6 +20,9 @@
 -export([
     encode/3,
     decode/3,
+    decode/4,
+    decode_b64url_json/1,
+    decode_passthrough/1,
     valid_algorithms/0,
     verification_algorithm/1
 ]).
@@ -80,14 +83,18 @@ encode(Header = {HeaderProps}, Claims, Key) ->
 
 % @doc decode
 % Decodes the supplied encoded token, checking
-% for the attributes defined in Checks and calling
+% for the attributes defined in Checks, calling
 % the key store function to retrieve the key needed
-% to verify the signature
+% to verify the signature, and decoding the Payload
+% with the Decoder, defaulting to decode_b64url_json/1.
 decode(EncodedToken, Checks, KS) ->
+    decode(EncodedToken, Checks, KS, fun decode_b64url_json/1).
+
+decode(EncodedToken, Checks, KS, Decoder) ->
     try
         [Header, Payload, Signature] = split(EncodedToken),
         validate(Header, Payload, Signature, Checks, KS),
-        {ok, decode_b64url_json(Payload)}
+        {ok, Decoder(Payload)}
     catch
         throw:Error ->
             {error, Error}
@@ -291,6 +298,9 @@ split(EncodedToken) ->
         _ -> throw({bad_request, <<"Malformed token">>})
     end.
 
+decode_passthrough(B64UrlEncoded) ->
+    B64UrlEncoded.
+
 decode_b64url_json(B64UrlEncoded) ->
     try
         case b64url:decode(B64UrlEncoded) of

Reply via email to