RubyGems - jwt - Versions diffs - 2.10.1 → 3.0.0.beta1 - Mend

jwt 2.10.1 → 3.0.0.beta1

Files changed (35) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +30 -1
data/README.md +44 -54
data/UPGRADING.md +46 -0
data/lib/jwt/base64.rb +1 -10
data/lib/jwt/claims/numeric.rb +0 -32
data/lib/jwt/claims.rb +0 -7
data/lib/jwt/configuration/container.rb +0 -1
data/lib/jwt/decode.rb +5 -8
data/lib/jwt/encoded_token.rb +71 -4
data/lib/jwt/jwa/ecdsa.rb +0 -4
data/lib/jwt/jwa/hmac.rb +0 -4
data/lib/jwt/jwa/ps.rb +1 -0
data/lib/jwt/jwa/rsa.rb +1 -0
data/lib/jwt/jwa/signing_algorithm.rb +0 -1
data/lib/jwt/jwa.rb +1 -26
data/lib/jwt/jwk/ec.rb +0 -4
data/lib/jwt/jwk/hmac.rb +2 -2
data/lib/jwt/jwk/key_finder.rb +14 -1
data/lib/jwt/jwk/rsa.rb +3 -0
data/lib/jwt/jwk.rb +0 -1
data/lib/jwt/token.rb +22 -3
data/lib/jwt/version.rb +5 -21
data/lib/jwt.rb +1 -7
metadata +4 -13
data/lib/jwt/claims/verification_methods.rb +0 -20
data/lib/jwt/claims_validator.rb +0 -18
data/lib/jwt/deprecations.rb +0 -49
data/lib/jwt/jwa/compat.rb +0 -32
data/lib/jwt/jwa/eddsa.rb +0 -35
data/lib/jwt/jwa/hmac_rbnacl.rb +0 -50
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +0 -47
data/lib/jwt/jwa/wrapper.rb +0 -44
data/lib/jwt/jwk/okp_rbnacl.rb +0 -109
data/lib/jwt/verify.rb +0 -40

data/lib/jwt/jwk/key_finder.rb CHANGED Viewed

@@ -2,8 +2,13 @@
 module JWT
   module JWK
-    # @api private
+    # JSON Web Key keyfinder
+    # To find the key for a given kid
     class KeyFinder
+      # Initializes a new KeyFinder instance.
+      # @param [Hash] options the options to create a KeyFinder with
+      # @option options [Proc, JWT::JWK::Set] :jwks the jwks or a loader proc
+      # @option options [Boolean] :allow_nil_kid whether to allow nil kid
       def initialize(options)
         @allow_nil_kid = options[:allow_nil_kid]
         jwks_or_loader = options[:jwks]
@@ -15,6 +20,8 @@ module JWT
                        end
       end
+      # Returns the verification key for the given kid
+      # @param [String] kid the key id
       def key_for(kid)
         raise ::JWT::DecodeError, 'No key id (kid) found from token headers' unless kid || @allow_nil_kid
         raise ::JWT::DecodeError, 'Invalid type for kid header parameter' unless kid.nil? || kid.is_a?(String)
@@ -27,6 +34,12 @@ module JWT
         jwk.verify_key
       end
+      # Returns the key for the given token
+      # @param [JWT::EncodedToken] token the token
+      def call(token)
+        key_for(token.header['kid'])
+      end
       private
       def resolve_key(kid)

data/lib/jwt/jwk/rsa.rb CHANGED Viewed

@@ -165,6 +165,8 @@ module JWT
           end
         end
+        # :nocov:
+        # Before openssl 2.0, we need to use the accessors to set the key
         def create_rsa_key_using_accessors(rsa_parameters) # rubocop:disable Metrics/AbcSize
           validate_rsa_parameters!(rsa_parameters)
@@ -179,6 +181,7 @@ module JWT
             rsa_key.iqmp = rsa_parameters[:qi] if rsa_parameters[:qi]
           end
         end
+        # :nocov:
         def validate_rsa_parameters!(rsa_parameters)
           return unless rsa_parameters.key?(:d)

data/lib/jwt/jwk.rb CHANGED Viewed

@@ -53,4 +53,3 @@ require_relative 'jwk/key_base'
 require_relative 'jwk/ec'
 require_relative 'jwk/rsa'
 require_relative 'jwk/hmac'
-require_relative 'jwk/okp_rbnacl' if JWT.rbnacl?

data/lib/jwt/token.rb CHANGED Viewed

@@ -15,8 +15,6 @@ module JWT
   #   token.header # => {"custom"=>"value", "alg"=>"HS256"}
   #
   class Token
-    include Claims::VerificationMethods
     # Initializes a new Token instance.
     #
     # @param header [Hash] the header of the JWT token.
@@ -97,13 +95,34 @@ module JWT
       raise ::JWT::EncodeError, 'Token already signed' if @signature
       JWA.resolve(algorithm).tap do |algo|
-        header.merge!(algo.header)
+        header.merge!(algo.header) { |_key, old, _new| old }
         @signature = algo.sign(data: signing_input, signing_key: key)
       end
       nil
     end
+    # Verifies the claims of the token.
+    # @param options [Array<Symbol>, Hash] the claims to verify.
+    # @raise [JWT::DecodeError] if the claims are invalid.
+    def verify_claims!(*options)
+      Claims::Verifier.verify!(self, *options)
+    end
+    # Returns the errors of the claims of the token.
+    # @param options [Array<Symbol>, Hash] the claims to verify.
+    # @return [Array<Symbol>] the errors of the claims.
+    def claim_errors(*options)
+      Claims::Verifier.errors(self, *options)
+    end
+    # Returns whether the claims of the token are valid.
+    # @param options [Array<Symbol>, Hash] the claims to verify.
+    # @return [Boolean] whether the claims are valid.
+    def valid_claims?(*options)
+      claim_errors(*options).empty?
+    end
     # Returns the JWT token as a string.
     #
     # @return [String] the JWT token as a string.

data/lib/jwt/version.rb CHANGED Viewed

@@ -12,12 +12,12 @@ module JWT
     Gem::Version.new(VERSION::STRING)
   end
-  # @api private
+  # Version constants
   module VERSION
-    MAJOR = 2
-    MINOR = 10
-    TINY  = 1
-    PRE   = nil
+    MAJOR = 3
+    MINOR = 0
+    TINY  = 0
+    PRE   = 'beta1'
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end
@@ -32,22 +32,6 @@ module JWT
     true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
   end
-  # Checks if the RbNaCl library is defined.
-  #
-  # @return [Boolean] true if RbNaCl is defined, false otherwise.
-  # @api private
-  def self.rbnacl?
-    defined?(::RbNaCl)
-  end
-  # Checks if the RbNaCl library version is 6.0.0 or greater.
-  #
-  # @return [Boolean] true if RbNaCl version is 6.0.0 or greater, false otherwise.
-  # @api private
-  def self.rbnacl_6_or_greater?
-    rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
-  end
   # Checks if there is an OpenSSL 3 HMAC empty key regression.
   #
   # @return [Boolean] true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.

data/lib/jwt.rb CHANGED Viewed

@@ -5,7 +5,6 @@ require 'jwt/base64'
 require 'jwt/json'
 require 'jwt/decode'
 require 'jwt/configuration'
-require 'jwt/deprecations'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'
@@ -13,9 +12,6 @@ require 'jwt/claims'
 require 'jwt/encoded_token'
 require 'jwt/token'
-require 'jwt/claims_validator'
-require 'jwt/verify'
 # JSON Web Token implementation
 #
 # Should be up to date with the latest spec:
@@ -47,8 +43,6 @@ module JWT
   # @param options [Hash] additional options for decoding.
   # @return [Array<Hash>] the decoded payload and headers.
   def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
-    Deprecations.context do
-      Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
-    end
+    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
   end
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.10.1
+  version: 3.0.0.beta1
 platform: ruby
 authors:
 - Tim Rudat
 bindir: bin
 cert_chain: []
-date: 2024-12-26 00:00:00.000000000 Z
+date: 2025-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -120,6 +120,7 @@ files:
 - CONTRIBUTING.md
 - LICENSE
 - README.md
+- UPGRADING.md
 - lib/jwt.rb
 - lib/jwt/base64.rb
 - lib/jwt/claims.rb
@@ -134,44 +135,34 @@ files:
 - lib/jwt/claims/numeric.rb
 - lib/jwt/claims/required.rb
 - lib/jwt/claims/subject.rb
-- lib/jwt/claims/verification_methods.rb
 - lib/jwt/claims/verifier.rb
-- lib/jwt/claims_validator.rb
 - lib/jwt/configuration.rb
 - lib/jwt/configuration/container.rb
 - lib/jwt/configuration/decode_configuration.rb
 - lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
-- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/encoded_token.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
 - lib/jwt/jwa.rb
-- lib/jwt/jwa/compat.rb
 - lib/jwt/jwa/ecdsa.rb
-- lib/jwt/jwa/eddsa.rb
 - lib/jwt/jwa/hmac.rb
-- lib/jwt/jwa/hmac_rbnacl.rb
-- lib/jwt/jwa/hmac_rbnacl_fixed.rb
 - lib/jwt/jwa/none.rb
 - lib/jwt/jwa/ps.rb
 - lib/jwt/jwa/rsa.rb
 - lib/jwt/jwa/signing_algorithm.rb
 - lib/jwt/jwa/unsupported.rb
-- lib/jwt/jwa/wrapper.rb
 - lib/jwt/jwk.rb
 - lib/jwt/jwk/ec.rb
 - lib/jwt/jwk/hmac.rb
 - lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
 - lib/jwt/jwk/kid_as_key_digest.rb
-- lib/jwt/jwk/okp_rbnacl.rb
 - lib/jwt/jwk/rsa.rb
 - lib/jwt/jwk/set.rb
 - lib/jwt/jwk/thumbprint.rb
 - lib/jwt/token.rb
-- lib/jwt/verify.rb
 - lib/jwt/version.rb
 - lib/jwt/x5c_key_finder.rb
 - ruby-jwt.gemspec
@@ -180,7 +171,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.10.1/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v3.0.0.beta1/CHANGELOG.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:

data/lib/jwt/claims/verification_methods.rb DELETED Viewed

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Claims
-    # @api private
-    module VerificationMethods
-      def verify_claims!(*options)
-        Verifier.verify!(self, *options)
-      end
-      def claim_errors(*options)
-        Verifier.errors(self, *options)
-      end
-      def valid_claims?(*options)
-        claim_errors(*options).empty?
-      end
-    end
-  end
-end

data/lib/jwt/claims_validator.rb DELETED Viewed

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  # @deprecated Use `Claims.verify_payload!` directly instead.
-  class ClaimsValidator
-    # @deprecated Use `Claims.verify_payload!` directly instead.
-    def initialize(payload)
-      Deprecations.warning('The ::JWT::ClaimsValidator class is deprecated and will be removed in the next major version of ruby-jwt')
-      @payload = payload
-    end
-    # @deprecated Use `Claims.verify_payload!` directly instead.
-    def validate!
-      Claims.verify_payload!(@payload, :numeric)
-      true
-    end
-  end
-end

data/lib/jwt/deprecations.rb DELETED Viewed

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  # Deprecations module to handle deprecation warnings in the gem
-  # @api private
-  module Deprecations
-    class << self
-      def context
-        yield.tap { emit_warnings }
-      ensure
-        Thread.current[:jwt_warning_store] = nil
-      end
-      def warning(message, only_if_valid: false)
-        method_name = only_if_valid ? :store : :warn
-        case JWT.configuration.deprecation_warnings
-        when :once
-          return if record_warned(message)
-        when :warn
-          # noop
-        else
-          return
-        end
-        send(method_name, "[DEPRECATION WARNING] #{message}")
-      end
-      def store(message)
-        (Thread.current[:jwt_warning_store] ||= []) << message
-      end
-      def emit_warnings
-        return if Thread.current[:jwt_warning_store].nil?
-        Thread.current[:jwt_warning_store].each { |warning| warn(warning) }
-      end
-      private
-      def record_warned(message)
-        @warned ||= []
-        return true if @warned.include?(message)
-        @warned << message
-        false
-      end
-    end
-  end
-end

data/lib/jwt/jwa/compat.rb DELETED Viewed

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Provides backwards compatibility for algorithms
-    # @api private
-    module Compat
-      # @api private
-      module ClassMethods
-        def from_algorithm(algorithm)
-          new(algorithm)
-        end
-        def sign(algorithm, msg, key)
-          Deprecations.warning('Support for calling sign with positional arguments will be removed in future ruby-jwt versions')
-          from_algorithm(algorithm).sign(data: msg, signing_key: key)
-        end
-        def verify(algorithm, key, signing_input, signature)
-          Deprecations.warning('Support for calling verify with positional arguments will be removed in future ruby-jwt versions')
-          from_algorithm(algorithm).verify(data: signing_input, signature: signature, verification_key: key)
-        end
-      end
-      def self.included(klass)
-        klass.extend(ClassMethods)
-      end
-    end
-  end
-end

data/lib/jwt/jwa/eddsa.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Implementation of the EdDSA family of algorithms
-    class Eddsa
-      include JWT::JWA::SigningAlgorithm
-      def initialize(alg)
-        @alg = alg
-      end
-      def sign(data:, signing_key:)
-        raise_sign_error!("Key given is a #{signing_key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey") unless signing_key.is_a?(RbNaCl::Signatures::Ed25519::SigningKey)
-        Deprecations.warning('Using Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-        signing_key.sign(data)
-      end
-      def verify(data:, signature:, verification_key:)
-        raise_verify_error!("key given is a #{verification_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey") unless verification_key.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
-        Deprecations.warning('Using Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-        verification_key.verify(signature, data)
-      rescue RbNaCl::CryptoError
-        false
-      end
-      register_algorithm(new('ED25519'))
-      register_algorithm(new('EdDSA'))
-    end
-  end
-end

data/lib/jwt/jwa/hmac_rbnacl.rb DELETED Viewed

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Implementation of the HMAC family of algorithms (using RbNaCl)
-    class HmacRbNaCl
-      include JWT::JWA::SigningAlgorithm
-      def self.from_algorithm(algorithm)
-        new(algorithm, ::RbNaCl::HMAC.const_get(algorithm.upcase.gsub('HS', 'SHA')))
-      end
-      def initialize(alg, hmac)
-        @alg = alg
-        @hmac = hmac
-      end
-      def sign(data:, signing_key:)
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        hmac.auth(key_for_rbnacl(hmac, signing_key).encode('binary'), data.encode('binary'))
-      end
-      def verify(data:, signature:, verification_key:)
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        hmac.verify(key_for_rbnacl(hmac, verification_key).encode('binary'), signature.encode('binary'), data.encode('binary'))
-      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
-        false
-      end
-      register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
-      private
-      attr_reader :hmac
-      def key_for_rbnacl(hmac, key)
-        key ||= ''
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
-        return padded_empty_key(hmac.key_bytes) if key == ''
-        key
-      end
-      def padded_empty_key(length)
-        Array.new(length, 0x0).pack('C*').encode('binary')
-      end
-    end
-  end
-end

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Implementation of the HMAC family of algorithms (using RbNaCl prior to a certain version)
-    class HmacRbNaClFixed
-      include JWT::JWA::SigningAlgorithm
-      def self.from_algorithm(algorithm)
-        new(algorithm, ::RbNaCl::HMAC.const_get(algorithm.upcase.gsub('HS', 'SHA')))
-      end
-      def initialize(alg, hmac)
-        @alg = alg
-        @hmac = hmac
-      end
-      def sign(data:, signing_key:)
-        signing_key ||= ''
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless signing_key.is_a?(String)
-        hmac.auth(padded_key_bytes(signing_key, hmac.key_bytes), data.encode('binary'))
-      end
-      def verify(data:, signature:, verification_key:)
-        verification_key ||= ''
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless verification_key.is_a?(String)
-        hmac.verify(padded_key_bytes(verification_key, hmac.key_bytes), signature.encode('binary'), data.encode('binary'))
-      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
-        false
-      end
-      register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
-      private
-      attr_reader :hmac
-      def padded_key_bytes(key, bytesize)
-        key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
-      end
-    end
-  end
-end

data/lib/jwt/jwa/wrapper.rb DELETED Viewed

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # @api private
-    class Wrapper
-      include SigningAlgorithm
-      def initialize(algorithm)
-        @algorithm = algorithm
-      end
-      def alg
-        return @algorithm.alg if @algorithm.respond_to?(:alg)
-        super
-      end
-      def valid_alg?(alg_to_check)
-        return @algorithm.valid_alg?(alg_to_check) if @algorithm.respond_to?(:valid_alg?)
-        super
-      end
-      def header(*args, **kwargs)
-        return @algorithm.header(*args, **kwargs) if @algorithm.respond_to?(:header)
-        super
-      end
-      def sign(*args, **kwargs)
-        return @algorithm.sign(*args, **kwargs) if @algorithm.respond_to?(:sign)
-        super
-      end
-      def verify(*args, **kwargs)
-        return @algorithm.verify(*args, **kwargs) if @algorithm.respond_to?(:verify)
-        super
-      end
-    end
-  end
-end

data/lib/jwt/jwk/okp_rbnacl.rb DELETED Viewed

@@ -1,109 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWK
-    # JSON Web Key (JWK) representation for Ed25519 keys
-    class OKPRbNaCl < KeyBase
-      KTY  = 'OKP'
-      KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
-      OKP_PUBLIC_KEY_ELEMENTS = %i[kty n x].freeze
-      OKP_PRIVATE_KEY_ELEMENTS = %i[d].freeze
-      def initialize(key, params = nil, options = {})
-        params ||= {}
-        Deprecations.warning('Using the OKP JWK for Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-        # For backwards compatibility when kid was a String
-        params = { kid: params } if params.is_a?(String)
-        key_params = extract_key_params(key)
-        params = params.transform_keys(&:to_sym)
-        check_jwk_params!(key_params, params)
-        super(options, key_params.merge(params))
-      end
-      def verify_key
-        return @verify_key if defined?(@verify_key)
-        @verify_key = verify_key_from_parameters
-      end
-      def signing_key
-        return @signing_key if defined?(@signing_key)
-        @signing_key = signing_key_from_parameters
-      end
-      def key_digest
-        Thumbprint.new(self).to_s
-      end
-      def private?
-        !signing_key.nil?
-      end
-      def members
-        OKP_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
-      end
-      def export(options = {})
-        exported = parameters.clone
-        exported.reject! { |k, _| OKP_PRIVATE_KEY_ELEMENTS.include?(k) } unless private? && options[:include_private] == true
-        exported
-      end
-      private
-      def extract_key_params(key)
-        case key
-        when JWT::JWK::KeyBase
-          key.export(include_private: true)
-        when RbNaCl::Signatures::Ed25519::SigningKey
-          @signing_key = key
-          @verify_key = key.verify_key
-          parse_okp_key_params(@verify_key, @signing_key)
-        when RbNaCl::Signatures::Ed25519::VerifyKey
-          @signing_key = nil
-          @verify_key = key
-          parse_okp_key_params(@verify_key)
-        when Hash
-          key.transform_keys(&:to_sym)
-        else
-          raise ArgumentError, 'key must be of type RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey or Hash with key parameters'
-        end
-      end
-      def check_jwk_params!(key_params, _given_params)
-        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
-      end
-      def parse_okp_key_params(verify_key, signing_key = nil)
-        params = {
-          kty: KTY,
-          crv: 'Ed25519',
-          x: ::JWT::Base64.url_encode(verify_key.to_bytes)
-        }
-        params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes) if signing_key
-        params
-      end
-      def verify_key_from_parameters
-        RbNaCl::Signatures::Ed25519::VerifyKey.new(::JWT::Base64.url_decode(self[:x]))
-      end
-      def signing_key_from_parameters
-        return nil unless self[:d]
-        RbNaCl::Signatures::Ed25519::SigningKey.new(::JWT::Base64.url_decode(self[:d]))
-      end
-      class << self
-        def import(jwk_data)
-          new(jwk_data)
-        end
-      end
-    end
-  end
-end