This slightly simplifies calling code by centralizing the common 3-liner to create a JWT from claims, signed by a key.
But more importantly, it reduces the risk of key.PreProcessToken() being forgotten, which will become relevant in upcoming PRs:
key.PreProcessToken() adds the key id to the JWT header, which is important to efficiently validate tokens when multiple validation keys are supported (that is not the case yet)
(This patch was originally part of a larger PR to be submitted, but has been pulled out because of pull requests being squashed for merge)
Tests
- I added test coverage for Go changes...
- in their respective
*_test.gofor unit tests. - in the
tests/integrationdirectory if it involves interactions with a live Forgejo server.
- in their respective
Documentation
- I created a pull request to the documentation to explain to Forgejo users how to use this change.
- I did not document these changes and I do not expect someone else to do it.
Release notes
- This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.