eparreno / rack-jwt Goto Github PK
View Code? Open in Web Editor NEWRack middleware that provides authentication based on JSON Web Tokens
License: MIT License
Rack middleware that provides authentication based on JSON Web Tokens
License: MIT License
In #10 the JWT version pin in the Gemspec was changed from '~> 2.0'
to '~> 2.1.0'
.
Line 31 in 80e574f
This has caused a bundle update to roll back the jwt gem in my project from 2.2.1 to 2.1.0, rolling back a number of features and bug fixes in that gem. It seems like this pin should be ~> 2.1
to allow automatic minor version upgrades. Is there a reason the gemspec is pinning on major.minor and only allowing patch upgrades of the jwt gem?
I was putting rack-jwt
in a project that has depedency rack ~> 2.2
and bundler complains that there is a dependency issue.
% bundle
Fetching gem metadata from https://rubygems.org/...............
Resolving dependencies...
Bundler could not find compatible versions for gem "rack":
In Gemfile:
rack (~> 2.2)
rack-jwt (~> 0.5) was resolved to 0.5.0, which depends on
rack (~> 2.0.0)
The rack dependency on rubygems shows rack ~> 2.0.0
but the rack dependency in both the github tagged release and in the current repo show no version dependency on rack at all.
% gem dependency -r 'rack-jwt'
Gem rack-jwt-0.5.0
bundler (~> 1.16.2, development)
jwt (~> 2.1.0)
rack (~> 2.0.0)
rack-test (~> 1.0.0, development)
rake (~> 12.0.0, development)
rbnacl (~> 6.0.1, development)
rspec (~> 3.8.0, development)
simplecov (~> 0.16.0, development)
I pulled down the gem file directly from rubygems, and check the specification in gem file itself and the dependency is `rack ~> '2.0.0'
% gem fetch rack-jwt -v 0.5.0
Downloaded rack-jwt-0.5.0
% gem specification -l ./rack-jwt-0.5.0.gem
...
- !ruby/object:Gem::Dependency
name: rack
requirement: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
version: 2.0.0
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
version: 2.0.0
...
I'm assuming that this is not the intended dependency, specially since the 0.4.0 version was rack >= 1.6.0
and there is no commit in the repo setting the rack dependency to ~> 2.0.0
.
I would assume that a release of a 0.5.1 with the right dependency would solve this.
Thanks.
reported by @Morred
https://github.com/eigenbart/rack-jwt/issues/9
Hi there,
First of all, thanks for writing this gem, it's super useful!
I guess this one is more like a feature request, I'm looking for a way to customize the format of the error responses of the Auth class.
Every time something fails, it will automatically return a 401 response with the error body format that is hardcoded into this method, so currently I'm just monkeypatching the return_error method to build the error body into the format I need.
Is a general, more flexible way to format the error responses something you would consider adding to this gem?
Version 0.5 is incompatible with later versions of Rack. Rack 2.0.x contains security issues. The latest master fixes this problem. Can you please release v0.5.1/0.6?
Is there a release planned for the latest additions?
Hi!
If you try to depend on ruby-jwt 2.1, will it break something?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.