Open
Conversation
Stop using lestrrat-go/jwx for building/signing the client assertion JWT and instead construct and sign the JWT manually. The code now marshals a RS256 header and the claims (iss, sub, aud, jti, iat, exp), base64-url encodes header and payload, computes a SHA-256 digest of the signing input, and signs with rsa.SignPKCS1v15. Imports were updated accordingly (added crypto, rand, sha256, encoding/base64; removed jwa/jwt). Error messages were adjusted to reflect the new steps. This removes the jwx dependency while preserving the original JWT claims and lifetime.
* [FFS-4030] fix bug with sending json over * logger context tweaking * fix json format * merging despite formatter errors because they were pre-existing conditions --------- Co-authored-by: Ian Norris <iannorris@Ians-MacBook-Pro.local>
…#19) * [FFS-3970] move documentation around and make sure instructions clear * fold in request id header --------- Co-authored-by: Ian Norris <iannorris@Ians-MacBook-Pro.local>
pkg/education/submit.go
Outdated
| Code string `json:"code"` | ||
| } | ||
|
|
||
| func mapLegacyEnrollmentStatus(respBytes []byte) (SchoolEnrollmentStatus, error) { |
Contributor
There was a problem hiding this comment.
this test is a duplicate of the code--> can we refactor these test cases into seperate, legible tests explaining why we are testing the different responses?
Contributor
Author
There was a problem hiding this comment.
These have been split up now
iannorriswork
requested changes
Apr 2, 2026
Contributor
iannorriswork
left a comment
iannorriswork
left a comment
There was a problem hiding this comment.
split the oauth changes from the enrollment code checks
* chore: pin audited pnpm transitive deps * ci: add pnpm audit workflow * Try setting up pnpm earlier * Do not cache pnpm deps
Stop using lestrrat-go/jwx for building/signing the client assertion JWT and instead construct and sign the JWT manually. The code now marshals a RS256 header and the claims (iss, sub, aud, jti, iat, exp), base64-url encodes header and payload, computes a SHA-256 digest of the signing input, and signs with rsa.SignPKCS1v15. Imports were updated accordingly (added crypto, rand, sha256, encoding/base64; removed jwa/jwt). Error messages were adjusted to reflect the new steps. This removes the jwx dependency while preserving the original JWT claims and lifetime.
Stop using lestrrat-go/jwx for building/signing the client assertion JWT and instead construct and sign the JWT manually. The code now marshals a RS256 header and the claims (iss, sub, aud, jti, iat, exp), base64-url encodes header and payload, computes a SHA-256 digest of the signing input, and signs with rsa.SignPKCS1v15. Imports were updated accordingly (added crypto, rand, sha256, encoding/base64; removed jwa/jwt). Error messages were adjusted to reflect the new steps. This removes the jwx dependency while preserving the original JWT claims and lifetime.
…nto fix/nsc-schema
Update education submit logic and tests to use the unified Response type, introduce typed errors for legacy NSC status handling, and consolidate duplicated legacy mapping code. Changes include: add errLegacyEnrollmentStatusRequired and errUnsupportedLegacyNSCStatusCode, return Response instead of EducationResponse on submit failure, deduplicate and simplify mapLegacyEnrollmentStatus to return typed errors (wrapping unsupported codes), add nolint for translateNSCResponse, and update tests to use the new education.Response type. Also add a nolint tag comment to the veteran Response CombinedDisabilityRating field to satisfy linting for external JSON tag casing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stop using lestrrat-go/jwx for building/signing the client assertion JWT and instead construct and sign the JWT manually. The code now marshals a RS256 header and the claims (iss, sub, aud, jti, iat, exp), base64-url encodes header and payload, computes a SHA-256 digest of the signing input, and signs with rsa.SignPKCS1v15. Imports were updated accordingly (added crypto, rand, sha256, encoding/base64; removed jwa/jwt). Error messages were adjusted to reflect the new steps. This removes the jwx dependency while preserving the original JWT claims and lifetime.