Comments (11)
The problem with your index.js file is that you are require'ing everything during initialization. Meaning that all require's have to be resolved, no matter what I use, or what I do not use in my app.
If you really want to make the passport integration optional, then instead of require'ing it during initialization, let the user call a function to require it.
Essentially you are releasing a minor version that breaks all apps/builds, and the solution is to include another module in my app, that I don't even use?
from node-jwks-rsa.
The "quick fix" in #89 may solve it for you but may bring issues for other people.
A quick workaround for anyone is to pin the node-jwks-rsa dependency at 1.4.0 - there are no other changes in 1.5.0.
I think the lazy initialization is the best approach - we're looking into that now.
from node-jwks-rsa.
So we've looked at the options and there isn't a good way of making these dependencies optional without introducing a breaking change. So the plan is:
We publish a 1.5.1 with the missing dependency to get people unblocked - especially if they specifying minor or patch compatibility with 1.x.y
We publish a 2.x that has a breaking change allowing these packages to be peers instead.
from node-jwks-rsa.
Merged in, going out in 1.5.1
from node-jwks-rsa.
from node-jwks-rsa.
@simov I think the idea of using an integration is that you already have that platform (passport in this case) as a dependency of your app. If you see, passport today is also a devDependency, and you're only pointing out that the issue is on the jsonwebtoken one.
If your app is going to be using passport, your app is probably defining it as dependency (vs devDependency). The same should be with jsonwebtoken. I think the fix here is not to move it to the dependencies block, as this library doesn't make use of it at all.. only the passport integration does, and that's optional.
Fix is probably relying on documenting the use of the integration, and saying that if you're going to use it on a passport enabled app you'll need to add as well the jsonwebtoken dependency in the dependencies block.
from node-jwks-rsa.
IMO the passport integration should be optional. Not everyone will like adding jsonwebtoken
as a dependency of their app just to skip this "require error" if they are not going use it at all. Then the fix can be checking if the passport module is present and only then require that integration file, which will of course require the jwt library as well. That's something we can document.
from node-jwks-rsa.
@lbalmaceda Thank you for your response.
I'm wondering right now about having a stable package. What we spect as users of the library is to install it and use it with any problem. In this case, as @simov mentioned, this package is breaking the apps/builds due to the missing package.
So, even though you want to add this to the documentation, in order to offer a good developer experience (and avoid breaking many applications), I'd prefer (and I really) to resolve all the needed dependencies under the installation.
We know that the passport integration should be optional; in this case, some solutions can be taken into account; for now, I can think of:
- Add the
jsonwebtoken
as peerDependency - Use lazy initialization for the passport module.
- Create a custom package for that integration. So we would not add unused code into our build.
But the most crucial part today is to release a usable version of the package and avoid breaking more applications. There is already a PR with a quick fix #89, which is even faster than adding a section into the documentation. Does this sound reasonable?
from node-jwks-rsa.
1.5.1 is now out and includes this and various dependency updates.
from node-jwks-rsa.
Great!! TY for keep us updated.
from node-jwks-rsa.
ı cant find the problem which jsonwebtoken file cannot find by node
from node-jwks-rsa.
Related Issues (20)
- Types for JwksClient.getSigningKey still allows callbacks HOT 2
- cache doesn't work for the expressJwtSecret function HOT 3
- Types conflict between [email protected] and [email protected] HOT 2
- FIX BUG TYPES WITH TYPESCRIPT AND AUTH 0 HOT 1
- The JWKS endpoint did not contain any signing keys HOT 2
- cb is not a function HOT 2
- Add pre-fetch keys / tweaks to caching HOT 2
- strictSsl property not available jwksRsa.hapiJwt2KeyAsync HOT 2
- Please upgrade dependencies HOT 5
- I can't login to my wallet I tried everything else but it is hopeless 😔 I hope you can understand that I created Bitcoin with satoshi nakamoto in 2008
- error in secret or public key callback: The JWKS endpoint did not contain any signing keys HOT 3
- Consider outputting ESM HOT 2
- types referred in dependencies section of package json HOT 2
- Make jwks-rsa resilient in the face of inability to access the underlying JWKS HOT 1
- Provide a way to prevent `getKeysInterceptor` falling back to `jwksUri` when the result doesn't contain the `kid` HOT 2
- No support for Cloudflare Workers HOT 3
- Can't match types definition in @types/[email protected] HOT 2
- error TS2688: Cannot find type definition file for 'express-unless'.
- Bump jose to v5 HOT 3
- Add module-info.java
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-jwks-rsa.