Hi All,
The following tasks have been identified for the implementation of the $subject.
1. Move the logic of validating the token API invocation request to
validate required parameters for JWT client authentication to
PrivatekeyJWTClientAuthHandler
2. Introduce a new interface to read the public certificate.
- Certificate can be read from keystore
- Certificate can be read from db
- Certificate can be read from any other means
3. Data persisted in IDN_JWT_PRIVATE_KEY can grow rapidly,
which may cause some performance issues. So we need to implement a cleanup
script based on the expiration time of the JWT.
4. Honour the UI configuration for confidential applications which is
discussed in mail [1]
Apart from the above, we need to consider the following tasks:
1. Improving the unit tests of the repository
2. Improving the documentation for the $subject.
[1] Confidential Aplications in OAuth2 Flow
Thanks,
--
Hasanthi Dissanayake
Senior Software Engineer | WSO2
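An added example, not part of the original mail and not WSO2 code: a sketch of the expiry-based cleanup from task 3, showing why a row can be deleted once its JWT has expired without reopening a replay window. The column names, the 60-second skew and the function names are assumptions; the mail gives only the table name.

```python
import sqlite3

SKEW = 60  # assumed clock-skew allowance (seconds), shared by validation and cleanup

def open_store():
    conn = sqlite3.connect(":memory:")
    # Hypothetical columns: the mail names the table but not its schema.
    conn.execute("CREATE TABLE IDN_JWT_PRIVATE_KEY ("
                 "JTI TEXT PRIMARY KEY, EXP_TIME INTEGER NOT NULL)")
    # Index on the expiry column so the cleanup does not scan the whole table.
    conn.execute("CREATE INDEX IDX_JWT_EXP ON IDN_JWT_PRIVATE_KEY (EXP_TIME)")
    return conn

def accept_assertion(conn, jti, exp, now):
    """Return True only the first time an unexpired assertion's jti is seen."""
    if exp + SKEW <= now:
        return False  # expired: rejected before the table is consulted
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("INSERT INTO IDN_JWT_PRIVATE_KEY (JTI, EXP_TIME) "
                         "VALUES (?, ?)", (jti, exp))
        return True
    except sqlite3.IntegrityError:
        return False  # primary-key clash: this jti was already used (replay)

def cleanup_expired(conn, now, batch=1000):
    """Delete, in small batches, rows whose JWT can no longer pass validation."""
    removed = 0
    while True:
        with conn:
            cur = conn.execute(
                "DELETE FROM IDN_JWT_PRIVATE_KEY WHERE JTI IN ("
                "SELECT JTI FROM IDN_JWT_PRIVATE_KEY "
                "WHERE EXP_TIME <= ? LIMIT ?)", (now - SKEW, batch))
        removed += cur.rowcount
        if cur.rowcount < batch:
            return removed
```

The cleanup cutoff must use the same skew allowance as validation; deleting at the bare expiry time would let a captured assertion be replayed during the skew window.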