fix: raw JWKS --secret for ES256/ES384 alg (#310)

src/translators/decode.rs

@@ -78,9 +78,9 @@ pub fn decoding_key_from_secret(
         }
         Algorithm::ES256 | Algorithm::ES384 => {
             if !&secret_string.starts_with('@') {
-                return Err(JWTError::Internal(format!(
-                    "Secret for {alg:?} must be a file path starting with @",
-                )));
+                // allows to read JWKS from argument (e.g. output of 'curl https://auth.domain.com/jwks.json')
+                let secret = secret_string.as_bytes().to_vec();
+                return decoding_key_from_jwks_secret(&secret, header);
             }
 
             let secret = slurp_file(&secret_string.chars().skip(1).collect::<String>());
@@ -95,9 +95,9 @@ pub fn decoding_key_from_secret(
         }
         Algorithm::EdDSA => {
             if !&secret_string.starts_with('@') {
-                // allows to read JWKS from argument (e.g. output of 'curl https://auth.domain.com/jwks.json')
-                let secret = secret_string.as_bytes().to_vec();
-                return decoding_key_from_jwks_secret(&secret, header);
+                return Err(JWTError::Internal(format!(
+                    "Secret for {alg:?} must be a file path starting with @",
+                )));
             }
 
             let secret = slurp_file(&secret_string.chars().skip(1).collect::<String>());

tests/main_test.rs

@@ -794,6 +794,49 @@ mod tests {
         assert!(result.is_ok());
     }
 
+    #[test]
+    fn encodes_and_decodes_an_ec_token_using_jwks_secret() {
+        let body: String = "{\"field\":\"value\"}".to_string();
+        let encode_matcher = App::command()
+            .try_get_matches_from(vec![
+                "jwt",
+                "encode",
+                "-A",
+                "ES256",
+                "--kid",
+                "4h7wt2IHHu_RLR6OtlZjCe_mIt8xAReS0cDEwwWAeKU",
+                "--exp",
+                "-S",
+                "@./tests/private_ecdsa_key.pk8",
+                &body,
+            ])
+            .unwrap();
+        let encode_matches = encode_matcher.subcommand_matches("encode").unwrap();
+        let encode_arguments = EncodeArgs::from_arg_matches(encode_matches).unwrap();
+        let encoded_token = encode_token(&encode_arguments).unwrap();
+        // "$(cat ./tests/pub_ecdsa_jwks.json)"
+        let jwks = r#"{"keys":[{"use":"sig","kty":"EC","kid":"4h7wt2IHHu_RLR6OtlZjCe_mIt8xAReS0cDEwwWAeKU","crv":"P-256","x":"w7JAoU_gJbZJvV-zCOvU9yFJq0FNC_edCMRM78P8eQQ","y":"wQg1EytcsEmGrM70Gb53oluoDbVhCZ3Uq3hHMslHVb4"},{"use":"enc","kty":"EC","kid":"4h7wt2IHHu_RLR6OtlZjCe_mIt8xAReS0cDEwwWAeKU","crv":"P-256","x":"w7JAoU_gJbZJvV-zCOvU9yFJq0FNC_edCMRM78P8eQQ","y":"wQg1EytcsEmGrM70Gb53oluoDbVhCZ3Uq3hHMslHVb4"}]}
+"#;
+        let decode_matcher = App::command()
+            .try_get_matches_from(vec![
+                "jwt",
+                "decode",
+                "-S",
+                jwks,
+                "-A",
+                "ES256",
+                &encoded_token,
+            ])
+            .unwrap();
+        let decode_matches = decode_matcher.subcommand_matches("decode").unwrap();
+        let decode_arguments = DecodeArgs::from_arg_matches(decode_matches).unwrap();
+        let (result, _, _) = decode_token(&decode_arguments);
+
+        dbg!(&result);
+
+        assert!(result.is_ok());
+    }
+
     #[test]
     fn encodes_and_decodes_an_eddsa_token_using_key_from_file() {
         let body: String = "{\"field\":\"value\"}".to_string();