+1 For JWS and JWE you can directly use Nimbus[1] java library which is released under Apache 2.0 license..
[1]: http://connect2id.com/products/nimbus-jose-jwt/download Thanks & regards, -Prabath On Sat, Sep 6, 2014 at 11:22 PM, Gayan Gunawardana <[email protected]> wrote: > Hi, > > Currently WSO2 Identity Server has OpenID connect implantation, but It was > not fully compliance with OpenID connect specifications [1]. There are > couple of specifications like Core, Discovery, Dynamic Registration, Session > Management ...etc. OpenID connect ID Token implementation comes under Core > specification [2]. > > Basically ID Token contains claims about the authentication of an end-user > in Base64 encoded manner. ID Token is a JSON Web Token (JWT) and there > should be some mandatory attributes according to this [3]. > > Current implementation of WSO2 Identity Server there are some missing > mandatory attributes like > > auth_time > nonce > at_hash > acr > amr > > The effort is to include all these mandatory attributes and introduce > signing and encryption for ID Token. ID Tokens MUST be signed using JWS [4] > and optionally both signed and then encrypted using JWS and JWE [5] > respectively. > > > > [1] http://openid.net/connect/ > > [2] http://openid.net/specs/openid-connect-core-1_0.html > > [3] http://openid.net/specs/openid-connect-core-1_0.html#IDToken > > [4] https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31 > > [5] https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-31 > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org _______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
