Skip to content

Upgrade JWT Kit to 5.2.0 with Breaking Changes Migration#61

Open
0xRohit wants to merge 1 commit intovapor-community:mainfrom
0xRohit:main
Open

Upgrade JWT Kit to 5.2.0 with Breaking Changes Migration#61
0xRohit wants to merge 1 commit intovapor-community:mainfrom
0xRohit:main

Conversation

@0xRohit
Copy link
Copy Markdown

@0xRohit 0xRohit commented Sep 24, 2025

Summary

This PR upgrades the JWT Kit dependency from 4.13.0 to 5.2.0 and migrates all code to use the new JWT Kit 5.x APIs. The migration maintains full backward compatibility for the OAuth authentication flow while adopting the improved security and performance features of JWT Kit 5.x.

Changes Overview

Dependencies

  • Package.swift: Updated JWT Kit dependency from 4.13.0 to 5.2.0

Core OAuth Implementation

  • OAuthServiceAccount.swift:

    • Migrated RSA key creation from RSAKey.private() to
      Insecure.RSA.PrivateKey(pem:)
    • Replaced JWTSigner.rs256() with JWTKeyCollection approach
    • Updated generateJWT() method to be async
    • Modified refresh() method to handle async JWT generation using Task/Promise pattern

  • OAuthPayload.swift:

    • Updated verify() method signature from verify(using signer: JWTSigner) to verify(using algorithm: some JWTAlgorithm) async throws

  • OAuthAccessToken.swift:

    • Added Sendable protocol conformance for Swift 6 compatibility

Code Quality Improvements

  • StorageObjectAPI.swift:
    • Fixed deprecation warning by replacing body.length with body.contentLength

Testing

  • CredentialTests.swift:
    • Added comprehensive JWT generation test to verify new API functionality
    • Test validates RSA key creation, JWT payload signing, and token structure

Breaking Changes

Component Before (JWT Kit 4.x) After (JWT Kit 5.x)
RSA Key Creation RSAKey.private(pem:) Insecure.RSA.PrivateKey(pem:)
JWT Signing JWTSigner.rs256(key:).sign() JWTKeyCollection().sign()
JWT Verification verify(using: JWTSigner) verify(using: JWTAlgorithm) async

Testing

  • All builds pass without compilation errors or warnings
  • JWT token generation functionality verified with new test
  • OAuth authentication flow maintains full compatibility
  • Swift 6 concurrency compliance verified

Migration Impact

For Library Users

  • No breaking changes - All public APIs remain the same
  • OAuth authentication continues to work identically
  • Service account JWT generation maintains same behavior

For Library Maintainers

  • JWT Kit 5.x provides improved security with Swift Crypto backend
  • Better async/await support for modern Swift concurrency
  • Enhanced type safety and performance improvements

File Changes Summary

Core/Sources/Configuration/OAuth/OAuthAccessToken.swift | 2 +-
Core/Sources/Configuration/OAuth/OAuthPayload.swift | 2 +-
Core/Sources/Configuration/OAuth/OAuthServiceAccount.swift | 53 ++++++++--------
Core/Tests/CredentialTests.swift | 64 ++++++++++++++++++-
Package.swift | 2 +-
Storage/Sources/API/StorageObjectAPI.swift | 2 +-

6 files changed, 98 insertions(+), 27 deletions(-)

Verification Steps

  1. Build Verification: swift build passes cleanly
  2. Test Verification: swift test passes with new JWT functionality
    test
  3. API Compatibility: All existing OAuth flows work unchanged
  4. Code Quality: No compiler warnings or deprecations

Type of Change

  • Dependencies update
  • Breaking changes migration
  • Code quality improvements
  • Test coverage addition

@0xRohit
feature: upgrade JWT Kit to 5.2.0 with breaking changes migration
077622c 
Update JWT Kit dependency from 4.13.0 to 5.2.0 and migrate all code to use the new JWT Kit 5.x APIs.
This includes comprehensive changes to OAuth authentication flow to maintain compatibility.

  Changes made:
  - Update Package.swift dependency to JWT Kit 5.2.0
  - Migrate RSA key creation from RSAKey.private() to Insecure.RSA.PrivateKey()
  - Replace JWTSigner with JWTKeyCollection for token signing
  - Update JWTPayload.verify() method to use async JWTAlgorithm parameter
  - Convert OAuth token generation to async/await pattern
  - Add Sendable conformance to OAuthAccessToken for Swift 6 compatibility
  - Fix deprecated AsyncHTTPClient body.length usage
  - Add comprehensive JWT functionality test

  BREAKING CHANGES:
  - JWT Kit API migration requires Swift 5.7+
  - OAuth token generation now uses async/await internally
  - JWTPayload verification method signature changed

  Tested:
  - All builds pass without warnings
  - JWT token generation verified with test
  - OAuth authentication flow maintains compatibility
@0xRohit 0xRohit marked this pull request as draft December 11, 2025 05:49
@0xRohit 0xRohit marked this pull request as ready for review December 11, 2025 05:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0xRohit