change: use RFC 9535 syntax for jwt-role-claim-key config#4984
change: use RFC 9535 syntax for jwt-role-claim-key config#4984taimoorzaeem wants to merge 1 commit into
jwt-role-claim-key config#4984Conversation
taimoorzaeem
added
the
breaking change
taimoorzaeem
force-pushed
the
break/aeson-jsonpath
branch
from
0af8877 to
6746de2
Compare
taimoorzaeem
changed the title
jwt-role-claim-key configjwt-role-claim-key config
taimoorzaeem
force-pushed
the
break/aeson-jsonpath
branch
from
6746de2 to
6079929
Compare
|
@taimoorzaeem One sec, so #4603 was never released so this is not really a This gives us a chance to just have an
Does it cover the same use case as #4599? If so, I agree with removing #4603. Would like to see some docs to better understand the feature. |
Yeah not because of that, it is breaking because we lose #3813, which was released in
It covers it but is not part of the standard and I implemented the slice operator downstream. I was talking about removing the string slice because to me it seems like a bad practice to further slice a selected role value in the JWT claims. Just wanted to know any opinion on it. I will write a detailed comment on this, if that is still not clear.
Yeah, will do, that would make it clear. |
BREAKING CHANGE On top of it, slice operator can be used by adding the pipe symbol at the end like `$.roles[0] | [1:]`. Signed-off-by: Taimoor Zaeem <taimoorzaeem@gmail.com>
taimoorzaeem
force-pushed
the
break/aeson-jsonpath
branch
from
6079929 to
a871fcf
Compare
|
The new syntax for $.postgrest.roles[0] | [1:0]
# ^^^^^^^^^^^^^^^^^^
# The first part here is the standard JSON Path implemented in aeson-jsonpath library$.postgrest.roles[0] | [1:0]
# ^^^^^^^
# The second part is the optional slice part which is not part of the standard. Technically,
# JSON Path is a selector so it can't modify a selected value. We implemented the string slicing
# part in #4603. So to keep it, I have designed it to optionally specify that after
# a pipe '|' symbol in this PR.Now, I was talking a bit against keeping the slice operator in a previous comment because I think our goal is to follow the standard so we don't frequently change it and break things. That way, it is also easier to document and maintain it. I am not sure about how useful string slicing feature is. The use case in #4599 seems very niche to me. 😕 |
I agree on removing the slicing again. |
That looks good to me.
But the standard doesn't cover the use case in #4599 right? The workaround on #4594 (comment) pollutes the db 😿 I don't think there is a problem if later on we break this config, it's after all server-side so the change is easy and in one place; unlike new functionality at the API level on which a breaking change then requires updating thousands of clients.
IIRC it was based on another standard (ref) so maybe not that niche. If anything we should make more clear that WLCG is supported in the docs. |
3 participants
Draft PR - opened to discuss the change. Work in Progress...
BREAKING CHANGE
On top of it, slice operator can be used by adding the pipe symbol at the end like
$.roles[0] | [1:].Closes #4914.