feature request: support AbortSignal in custom JWT claims code #6364

Open
1 of 4 tasks
jonsamwell opened this issue Jul 30, 2024 · 3 comments
@jonsamwell

Describe the bug

When trying to use AbortSignal in custom JWT claims, a reference exception is thrown (when using the test functionality) stating AbortSignal is not defined.

Expected behavior

AbortSignal can be used.

How to reproduce?

Given this code, where AbortSignal is used to enforce a timeout when using fetch, a reference error should not be thrown.

/**
 * This function is called during the access token generation process to get custom claims for the JWT token.
 * Limit custom claims to under 50KB.
 *
 * @param {Object} payload - The input payload of the function.
 * @param {AccessTokenPayload} payload.token - The JWT token.
 * @param {Context} payload.context - Logto internal data that can be used to pass additional information
 * @param {EnvironmentVariables} [payload.environmentVariables] - The environment variables.
 *
 * @returns The custom claims.
 */
const getCustomJwtClaims = async ({ token, context, environmentVariables }) => {
  const apiUrl = environmentVariables?.apiUrl ?? '';
  const apiKey = environmentVariables?.apiKey ?? '';
  let data = {};

  try {
    const response = await fetch(`${apiUrl}/members/${token.accountId}/jwt/enrich`, {
      headers: {
        Authorization: apiKey,
      },
      signal: AbortSignal.timeout(5000)
    });

    data = await response.json();
  } catch (e) {
    data = {
      error: e.toString()
    }
  }

  return {
    someProperty: "abc123",
    ...data
  };
}

The resulting JWT Custom Data is:

Extra JWT claims:
{
  someProperty: "abc123",
  "error": "ReferenceError: AbortSignal is not defined"
}

Context

  • Logto Cloud
  • Self-hosted, Logto version =
    • Container (Docker image)
    • Raw Node.js

Screenshots

@jonsamwell jonsamwell added the bug Something isn't working label Jul 30, 2024
@darcyYe
Contributor

darcyYe commented Jul 31, 2024

We currently do not support many APIs in custom JWT for security concerns, so the behavior is expected. After discussing with our team, we can add support for the AbortSignal API in the following weeks.

@darcyYe darcyYe self-assigned this Jul 31, 2024
@darcyYe darcyYe added feature-request Something cool or not cool and removed bug Something isn't working labels Jul 31, 2024
@darcyYe darcyYe changed the title bug: Ability to use AbortSignal in custom JWT claims code feature request: support AbortSignal in custom JWT claims code Jul 31, 2024
@jonsamwell
Author

Thanks @darcyYe, it is not a big problem; it is only to ensure the call does not take too long.

@darcyYe
Contributor

darcyYe commented Jul 31, 2024

Although we have set a timeout for the execution of getCustomJwtClaims() in the custom JWT, since we provide the fetch() method, it is reasonable for developers to customize an additional, stricter timeout setting.
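
The stricter, developer-side timeout discussed in this thread, as an added example that is not part of the issue or of Logto's code: it feature-detects `AbortSignal` through `globalThis` (a property lookup, so it cannot raise the ReferenceError reported above) and bounds the wait with `Promise.race`. It assumes the script runtime exposes `globalThis`, `setTimeout` and `clearTimeout`; `timeoutSignal`, `withTimeout`, `fetchClaims` and the injected `fetchImpl`/`scope` parameters are hypothetical names.

```javascript
// Added example, not Logto's code. Assumption: the script runtime provides
// setTimeout/clearTimeout. fetchImpl and scope are injected for offline runs.

// Return a native timeout signal when the runtime has one, otherwise undefined.
const timeoutSignal = (ms, scope = globalThis) =>
  typeof scope.AbortSignal?.timeout === 'function'
    ? scope.AbortSignal.timeout(ms)
    : undefined;

// Reject after `ms` if `promise` has not settled. Without AbortSignal this only
// stops waiting; the underlying request is not cancelled.
const withTimeout = (promise, ms) => {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('deadline exceeded')), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
};

// Fetch enrichment data with one deadline covering the request and the body
// read. Any failure yields {} so no error text ends up in the issued token.
const fetchClaims = async (fetchImpl, url, apiKey, ms = 5000, scope = globalThis) => {
  const work = (async () => {
    const response = await fetchImpl(url, {
      headers: { Authorization: apiKey },
      signal: timeoutSignal(ms, scope),
    });
    if (!response.ok) throw new Error(`HTTP ${response.status}`);
    return response.json();
  })();
  try {
    const data = await withTimeout(work, ms);
    // Only a plain object can be spread into the claims.
    return data && typeof data === 'object' && !Array.isArray(data) ? data : {};
  } catch {
    return {};
  }
};

// Usage inside the custom JWT script (fetch is the one the sandbox provides).
const getCustomJwtClaims = async ({ token, context, environmentVariables }) => {
  const apiUrl = environmentVariables?.apiUrl ?? '';
  const apiKey = environmentVariables?.apiKey ?? '';
  const url = `${apiUrl}/members/${token.accountId}/jwt/enrich`;
  return { someProperty: 'abc123', ...(await fetchClaims(fetch, url, apiKey, 5000)) };
};
```
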
