No addRootKeyId functionality

[louismorgan-linaro]

I notice in the Python library, there is a set_root_key_id method on the builder construct, but nothing like that seems to exist in this library.

Are there plans to add it? Or is it equivalent to just add the root key id as a normal fact?

[divarvel]

It has not been exposed yet. That could be a nice first contribution.

The difference with python is that we can't move JS closures to the rust side, so we can't have a key selection based on the root key id function in JS (we might be able to work around it by providing a map instead of a function to provide minimal support).

If you're interested i can provide guidance / help.

[louismorgan-linaro]

I am interested, although it's probably something I would have to do in my spare time. I've limited experience with WASM, so a good place to start would be guidance on that.

For clarity, if I were to set a fact when creating the biscuit like root_key_id=1234; would biscuit consumers in other languages, e.g. python or rust be able to provide a function to select a key the usual way? Or does the root key id need to be set in a special way, hence the dedicated method?

[divarvel]

The key id is set in a different way indeed: since it is needed to verify the token signature, it is used before any datalog operation happens, so it requires being set this way. The setting part is easy to do. The trickier part is using this key id when parsing a token in biscuit-wasm (which might not be an issue for you if you intend to use this lib only to mint tokens (or to only consume tokens signed with a single key).

As for the wasm setup, it's fairly well integrated in cargo.

• you need to install wasm-pack (cargo install wasm-pack) and npm + node
• then you can run npm run prepare-package (will compile the rust code to wasm, compress the output, generate the JS support code)
• then you can cd to examples/node and run npm run start

When exposing a new function like setRootKeyId, most of the work is defining a new function in the rust code, with the proper annotation for exposing it as a JS function, and add a couple JS tests to make sure it behaves as expected.

[louismorgan-linaro]

Thanks very much for all the info. As you've correctly deduced, my main interest is in minting tokens although it would be nice if our front end could also perform the key selection natively.

I will certainly attempt to implement the setRootKeyId function, and depending on how that goes I will ask for more help and try to implement the key selection piece.

[louisjmorgan]

Thanks for merging the commit relating to setRootKeyId, do you have a timeline for when the next version of this package would be published to the npm registry?

I would also be keen to have a look at the key selection part. I guess your idea to use a map instead of a function would be something like:

• a wasm binding in rust that takes a javascript object as the argument.
• inside the rust function it creates a key selection function based on that object.
• The javascript object would be like:

{
  [key id]: {public key}
}

• the key selection function logic would just look up the key id in that object and return the public key if it finds a match.

Is that more or less right?

Based on reading the wasm serde bindgen docs, it seems like using a json string as the argument could be faster than a js object as well?

[pcolmer]

@divarvel Are you able to give any indication when there might be a new release of the wasm package that includes #44 ?

[divarvel]

@divarvel Are you able to give any indication when there might be a new release of the wasm package that includes #44 ?

I'm planning a release next week

[divarvel]

#47

[louisjmorgan]

@divarvel thanks! Is anything additional required to publish the new version to npm?

[divarvel]

@divarvel thanks! Is anything additional required to publish the new version to npm?

nope, https://www.npmjs.com/package/@biscuit-auth/biscuit-wasm/v/0.4.1

(i gave adding key selection a try, but it's a bit more involved, i don't have anything working yet)

[louisjmorgan]

(i gave adding key selection a try, but it's a bit more involved, i don't have anything working yet)

I'm happy to have a go if you don't have time

[divarvel]

(i gave adding key selection a try, but it's a bit more involved, i don't have anything working yet)

I'm happy to have a go if you don't have time

i pushed a branch with the current state of things https://github.com/biscuit-auth/biscuit-wasm/tree/key-selector

part of the changes are due to an update to crypto.
For now it fails at the JS / WASM boundary. Public keys are objects that live within the wasm space, and JS just manipulates pointers to it. I haven't found a way to pass map of pointers. One solution if nothing else works would be to pass a JSON object, with stringified key ids as keys and keys as string values, but that's a bit of a hack.

[louisjmorgan]

Thanks, I will take a look this weekend if you haven't solved it by then.