You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1. The main purpose of OpaqueSigner is to sign payloads. Why does it have to implement a Public() method? Public key is irrelevant to signing itself, but is for verification. (if the Public() is not required in all use cases, please document when it can be ignored.)
2. The SignPayload method doesn't accept context argument. What if the real signer is working remotely (i.e., Azure Key Vault)? Even a locally installed encryptor hardware should be regarded as a "remote device" from software's perspective. (just in my opinion)
3. The documents of OpaqueSigner provides too little information. It would be better if it had some usage examples, in what cases will a method be called for what purposes, some precautions, and etc.
The text was updated successfully, but these errors were encountered:
Now I see why "Public()". It's for embedding the public key in the JWT header. Makes sense but still should be documented --- I didn't understand it until I read a big part of the source code.
1. The main purpose ofOpaqueSigner
is to sign payloads. Why does it have to implement aPublic()
method? Public key is irrelevant to signing itself, but is for verification. (if thePublic()
is not required in all use cases, please document when it can be ignored.)2. The
SignPayload
method doesn't accept context argument. What if the real signer is working remotely (i.e., Azure Key Vault)? Even a locally installed encryptor hardware should be regarded as a "remote device" from software's perspective. (just in my opinion)3. The documents of
OpaqueSigner
provides too little information. It would be better if it had some usage examples, in what cases will a method be called for what purposes, some precautions, and etc.The text was updated successfully, but these errors were encountered: