Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add header protection and custom header transitions #24

Merged
merged 4 commits into from
Mar 22, 2024

Conversation

alexrudy
Copy link
Owner

This pull request includes changes to protect header modification for signed headers and adds improved constructors and custom header transitions for Token. It also sets the source for TokenVerifyingError signature::Error and removes some header access patterns.

@alexrudy alexrudy changed the base branch from docs/trait-documentation to main December 29, 2023 02:09
Do not allow mutable access to header values except for when the Unsigned state is active. Altering header values on a signed token of any sort would invalidate the signature associated with that token.
Some token states should allow the alteration or replacement of custom header values, and the added methods here allow that to happen in a type-safe way. As well, they allow for the registered header fields to be reset.
Mutable access to signed or verified headers is not allowed, because that would invalidate the signed or verified signature, so remove the impls for HeaderAccessMut which apply to those states.
@alexrudy alexrudy force-pushed the feature/token-blank-method branch from 5fedd3d to 5a0d307 Compare March 22, 2024 04:33
@alexrudy alexrudy merged commit 9d5c5a8 into main Mar 22, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant