Skip to content

feat(shared): JWT Validation Library #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
refcell wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(shared): JWT Validation Library #419

refcell wants to merge 1 commit into from

Conversation

@refcell
Copy link
Contributor

@refcell refcell commented Jan 13, 2026

Summary

Closes #414

Adds a lightweight JWT validation library to crates/shared/jwt for fail-fast authentication with the engine API.

Ports logic from #395.

Changes

  • JwtError / JwtValidationError - Error types for parsing and validation
  • read_jwt_secret / default_jwt_secret / resolve_jwt_secret - JWT loading utilities
  • JwtValidator - Engine API capability exchange with retry logic (behind engine-validation feature)

@refcell refcell self-assigned this Jan 13, 2026
@refcell refcell added K-enhancement Kind: New feature or request A-shared Area: shared crates labels Jan 13, 2026
@cb-heimdall
Copy link
Collaborator

cb-heimdall commented Jan 13, 2026
edited
Loading

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2

@haardikk21
Copy link
Collaborator

haardikk21 commented Jan 13, 2026

where is this gonna be used? does kona/reth not already validate JWTs for auth api?

@refcell refcell added this to the v0.4.0 milestone Jan 13, 2026
@refcell
Copy link
Contributor Author

refcell commented Jan 13, 2026

where is this gonna be used? does kona/reth not already validate JWTs for auth api?

Yes and no -- the error output by reth is not clear to the user and it may take time after startup to error out since engine api calls don't happen right away. Kona only does this inside it's binary so we can't rely on kona here, we need to roll this validation ourself (that's why placing logic in crates makes it easier for downstream users like us to re-use that logic).

TL;DR: we will use this in the base consensus binary since it's not handled by the kona node service, only the binary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danyalprout danyalprout Awaiting requested review from danyalprout

@haardikk21 haardikk21 Awaiting requested review from haardikk21

At least 1 approving review is required to merge this pull request.

Assignees

@refcell refcell

Labels

A-shared Area: shared crates K-enhancement Kind: New feature or request

Projects

None yet

Milestone

v0.4.0

Development

Successfully merging this pull request may close these issues.

feat(shared): JWT Validation Lib

4 participants

@refcell @cb-heimdall @haardikk21