Hi
Luigi (FH Koln) suggested some good refactoring ideas for the original
oauth2-jwt module, now named oauth2-jose. Specifically, he correctly
pointed out that JWE/JWT is not depending on OAuth2 works, but it is the
other way around where OAuth2 applications may use JWT tokens for a
variety of goals.
I'm preparing one last module split there, in time for tomorrows builds
(Dan, please wait till I'm done :-)). I had to move some of Oauth2
security utils to the core, but in fact those security utils are not
OAuth2 specific, lots of boilerplate code to to with loading keys,
encrypting, signing, depending on Java security API only, I think it
might make sense to keep them there as it can be handy not only for the
OAuth2/JOSE code, but for people doing custom interceptors, etc...
though of course then can be easily moved to some other destination if
preferred and Colm, Dan, others reviewing those utils would be welcome too
Thanks, Sergey
