[DISCUSSION] - Next major version #256

Open
victorolinasc opened this issue Nov 9, 2019 · 1 comment

Comments

@victorolinasc
Collaborator

Hi you all! This issue is to discuss a possible next major version and things that are still bad or missing in the current implementation.

Here is my current list of "would love to have time to work on" things:

A "plug-in" crypto implementation

Currently we rely heavily on JOSE for almost all operations. It is a wonderful library and is used by many projects across the BEAM community.

There are some choices of implementation there, though, where we could possibly do better. I've mentioned this there on some issues. The Base64 implementation in Elixir is much faster, we wouldn't need so many tuple <-> map transformations, and we could use other specific crypto libraries like nacl and so on.

My idea here is to have a crypto "plug-in" mechanism but still default it to JOSE (but it would become an explicit dependency). The plug-in system would implement behaviours for Joken.Signer and possibly others...

A Joken.Encrypter for providing JWE

The whole idea of Joken is to have an easy-to-use API for validation. Checking the validity of a signature is, of course, crucial, but so is the expiration, audience and other custom claims one might have in a token. The same thing would apply to JWEs. We would do all the crypto dance but still provide the same API for validating the claims in the payload.

Better "defaults"

Here is where most issues are...

  • Claims required by default
  • Custom error messages (or return)
  • So on...

Anyway, these are just my current thoughts...

So, what do you think?

@bryanjos
Collaborator

I'll have to dig more into the issues to also get a view of what comes up the most. The plug-in crypto seems useful for the reasons you put here.
