downgrade dart_jsonwebtoken

Author: grdsdev

packages/gotrue/lib/src/gotrue_client.dart

@@ -1341,19 +1341,17 @@ class GoTrueClient {
     return exception;
   }
 
-  Future<JWTKey?> _fetchJwk(String kid, JWKSet suppliedJwks) async {
+  Future<JWK?> _fetchJwk(String kid, JWKSet suppliedJwks) async {
     // try fetching from the supplied jwks
-    final jwk = suppliedJwks.keys
-        .firstWhereOrNull((jwk) => jwk.toJWK(keyID: kid)['kid'] == kid);
+    final jwk = suppliedJwks.keys.firstWhereOrNull((jwk) => jwk.kid == kid);
     if (jwk != null) {
       return jwk;
     }
 
     final now = DateTime.now();
 
     // try fetching from cache
-    final cachedJwk = _jwks?.keys
-        .firstWhereOrNull((jwk) => jwk.toJWK(keyID: kid)['kid'] == kid);
+    final cachedJwk = _jwks?.keys.firstWhereOrNull((jwk) => jwk.kid == kid);
 
     // jwks exists and it isn't stale
     if (cachedJwk != null &&
@@ -1379,8 +1377,7 @@ class GoTrueClient {
     _jwksCachedAt = now;
 
     // find the signing key
-    return jwks.keys
-        .firstWhereOrNull((jwk) => jwk.toJWK(keyID: kid)['kid'] == kid);
+    return jwks.keys.firstWhereOrNull((jwk) => jwk.kid == kid);
   }
 
   /// Extracts the JWT claims present in the access token by first verifying the
@@ -1434,7 +1431,7 @@ class GoTrueClient {
     }
 
     try {
-      JWT.verify(token, signingKey);
+      JWT.verify(token, signingKey.rsaPublicKey);
       return GetClaimsResponse(
           claims: decoded.payload,
           header: decoded.header,

packages/gotrue/lib/src/types/jwt.dart

@@ -1,3 +1,5 @@
+import 'dart:convert';
+
 import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
 
 /// JWT Header structure
@@ -159,21 +161,114 @@ class GetClaimsOptions {
 }
 
 class JWKSet {
-  final List<JWTKey> keys;
+  final List<JWK> keys;
 
   JWKSet({required this.keys});
 
   factory JWKSet.fromJson(Map<String, dynamic> json) {
     final keys = (json['keys'] as List<dynamic>?)
-            ?.map((e) => JWTKey.fromJWK(e as Map<String, dynamic>))
+            ?.map((e) => JWK.fromJson(e as Map<String, dynamic>))
             .toList() ??
         [];
     return JWKSet(keys: keys);
   }
 
   Map<String, dynamic> toJson() {
     return {
-      'keys': keys.map((e) => e.toJWK()).toList(),
+      'keys': keys.map((e) => e.toJson()).toList(),
+    };
+  }
+}
+
+/// {@template jwk}
+/// JSON Web Key (JWK) representation.
+/// {@endtemplate}
+class JWK {
+  /// The "kty" (key type) parameter identifies the cryptographic algorithm
+  /// family used with the key, such as "RSA" or "EC".
+  final String kty;
+
+  /// The "key_ops" (key operations) parameter identifies the cryptographic
+  /// operations for which the key is intended to be used.
+  final List<String> keyOps;
+
+  /// The "alg" (algorithm) parameter identifies the algorithm intended for
+  /// use with the key.
+  final String? alg;
+
+  /// The "kid" (key ID) parameter is used to match a specific key.
+  final String? kid;
+
+  /// Additional arbitrary properties of the JWK.
+  final Map<String, dynamic> _additionalProperties;
+
+  /// {@macro jwk}
+  JWK({
+    required this.kty,
+    required this.keyOps,
+    this.alg,
+    this.kid,
+    Map<String, dynamic>? additionalProperties,
+  }) : _additionalProperties = additionalProperties ?? {};
+
+  /// Creates a [JWK] from a JSON map.
+  factory JWK.fromJson(Map<String, dynamic> json) {
+    final kty = json['kty'] as String;
+    final keyOps =
+        (json['key_ops'] as List<dynamic>?)?.map((e) => e as String).toList() ??
+            [];
+    final alg = json['alg'] as String?;
+    final kid = json['kid'] as String?;
+
+    final Map<String, dynamic> additionalProperties = Map.from(json);
+    additionalProperties.remove('kty');
+    additionalProperties.remove('key_ops');
+    additionalProperties.remove('alg');
+    additionalProperties.remove('kid');
+
+    return JWK(
+      kty: kty,
+      keyOps: keyOps,
+      alg: alg,
+      kid: kid,
+      additionalProperties: additionalProperties,
+    );
+  }
+
+  /// Allows accessing additional properties using operator[].
+  dynamic operator [](String key) {
+    switch (key) {
+      case 'kty':
+        return kty;
+      case 'key_ops':
+        return keyOps;
+      case 'alg':
+        return alg;
+      case 'kid':
+        return kid;
+      default:
+        return _additionalProperties[key];
+    }
+  }
+
+  /// Converts this [JWK] to a JSON map.
+  Map<String, dynamic> toJson() {
+    final Map<String, dynamic> json = {
+      'kty': kty,
+      'key_ops': keyOps,
+      ..._additionalProperties,
     };
+    if (alg != null) {
+      json['alg'] = alg;
+    }
+    if (kid != null) {
+      json['kid'] = kid;
+    }
+    return json;
+  }
+
+  RSAPublicKey get rsaPublicKey {
+    final bytes = utf8.encode(json.encode(toJson()));
+    return RSAPublicKey.bytes(bytes);
   }
 }

packages/gotrue/pubspec.yaml

@@ -18,7 +18,7 @@ dependencies:
   meta: ^1.7.0
   logging: ^1.2.0
   web: ">=0.5.0 <2.0.0"
-  dart_jsonwebtoken: ^3.3.0
+  dart_jsonwebtoken: ^2.17.0
 
 dev_dependencies:
   dotenv: ^4.1.0

packages/supabase_flutter/pubspec.yaml

@@ -25,7 +25,7 @@ dependencies:
   web: '>=0.5.0 <2.0.0'
 
 dev_dependencies:
-  dart_jsonwebtoken: ^3.3.0
+  dart_jsonwebtoken: ^2.17.0
   flutter_test:
     sdk: flutter
   flutter_lints: ^3.0.1