From 5c8831275d321b4d51adb731d4df9f518962bf1a Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sat, 28 Jun 2025 12:07:27 +0300 Subject: [PATCH] Support resolving JWA from JWK --- lib/jwt/eddsa/jwk/okp.rb | 6 ++++++ spec/integration_spec.rb | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/lib/jwt/eddsa/jwk/okp.rb b/lib/jwt/eddsa/jwk/okp.rb index 3d71251..ea17a84 100644 --- a/lib/jwt/eddsa/jwk/okp.rb +++ b/lib/jwt/eddsa/jwk/okp.rb @@ -56,6 +56,12 @@ def export(options = {}) exported end + def jwa + return super if self[:alg] + + JWA.resolve("EdDSA") if self[:crv] == "Ed25519" + end + private def extract_key_params(key) # rubocop:disable Metrics/MethodLength diff --git a/spec/integration_spec.rb b/spec/integration_spec.rb index 8801534..53d47b2 100644 --- a/spec/integration_spec.rb +++ b/spec/integration_spec.rb @@ -69,4 +69,17 @@ expect(payload).to eq(token_payload) end end + + describe "JWK as key" do + let(:jwk) { JWT::JWK.new(Ed25519::SigningKey.new(SecureRandom.hex)) } + + it "signs and verifies using the jwk" do + token = JWT::Token.new(payload: {}, header: {}) + + token.sign!(algorithm: "EdDSA", key: jwk) + + encoded_token = JWT::EncodedToken.new(token.jwt) + encoded_token.verify!(signature: { algorithm: %w[HS256 EdDSA], key: jwk }) + end + end end