api_guard

Could we extend to use public/private keys?

Open: geoffw8 opened this issue 3 years ago • 1 comment

Hey - brilliant gem - was initially looking at Doorkeeper but was extremely pleased to find this one as it's precisely what we needed.

I do have a use case I wanted to ask a question about, though. We need to authenticate a partner on a machine-to-machine type basis and my thinking was the best way to do this would be using a public/private key. I notice it says

"Currently API Guard supports only HS256 algorithm for cryptographic signing"

on the readme, but wanted to know if there was any material reason, such as security, non-compatibility with some of the code? I'm hoping it's more that you haven't had the need to implement it?

Having had a poke around at the code it looks (potentially) as simple as extending this class: https://github.com/Gokul595/api_guard/blob/66937cc56aaa62af987751e4b95fc673ab82a7fd/lib/api_guard/jwt_auth/json_web_token.rb - is that right?

Thanks in advance!

geoffw8, May 19 '22 09:05

Hey @geoffw8, thanks for opening this suggestion and sorry for the delay in response. There shouldn't be any compatibility issue in adding the public/private key type of algorithm. Just thought of having one algorithm initially and then adding one by one in future based on the gem usage.

I will look for the possibility.

Gokul595, Jul 22 '22 15:07
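
For readers following this thread: an added example, not part of either post and not api_guard's code, of what the requested public/private key (RS256) signing looks like for the machine-to-machine case. It uses only Ruby's OpenSSL and JSON standard libraries; the helper names `b64url`, `b64url_decode`, `sign_rs256` and `verify_rs256` are hypothetical, and the key is generated inline as sample data.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper names; none of this is api_guard's API.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m')
end

# Partner side: sign with the private key, which never leaves the partner.
def sign_rs256(payload, private_key)
  input = [{ alg: 'RS256', typ: 'JWT' }, payload].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url(private_key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# API side: holds only the public key. Returns the claims hash, or nil on any failure.
def verify_rs256(token, public_key)
  parts = token.split('.')
  return nil unless parts.length == 3

  head, body, sig = parts
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm: the token's own header must not choose how it is verified.
  return nil unless header.is_a?(Hash) && header['alg'] == 'RS256'
  return nil unless public_key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig), "#{head}.#{body}")

  claims = JSON.parse(b64url_decode(body))
  # Require an unexpired exp claim; a missing exp counts as expired.
  return nil unless claims.is_a?(Hash) && claims['exp'].to_i > Time.now.to_i

  claims
rescue StandardError
  nil # fail closed on malformed input
end

if __FILE__ == $PROGRAM_NAME
  partner_key = OpenSSL::PKey::RSA.new(2048) # constructed sample key
  token = sign_rs256({ 'sub' => 'partner-1', 'exp' => Time.now.to_i + 300 }, partner_key)
  p verify_rs256(token, partner_key.public_key)
end
```

Unlike HS256, where both sides share one secret that can sign as well as verify, the API here stores only the partner's public key and so cannot mint tokens on the partner's behalf.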