Good, and happy to wait if you volunteer for the M3 release lol Added a quick note this morning regarding this renaming [image: image.png]
signerKeys could have become signingKeys or something else. But using publicKeys with Key being an abstraction for a secret key or a public/private key, I'm not sure it's accurate. Either you change the Key type to a subclass which is more specialized. Or we keep a more generic name. That code is supposed to handle both symmetric and asymmetric algorithms, right? If not, it should anyways in my opinion. What do you think? -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, May 7, 2019 at 6:03 AM David Blevins <[email protected]> wrote: > Early feedback is good, like "looks good so far". As are ideas or > suggestions like, "can you sneak x in while you're at it?" > > Also someone could actually be documenting in parallel if they wanted to > help. Writing emails with short notes on what the code does is easy. > Making it all polished like documentation is the hard part. If someone is > looking for something to do, and wants to turn this thread into evolving > document, you'd be my personal hero :) > > I've never actually tried anything like that before, so would be a fun > experiment :) > > > -- > David Blevins > http://twitter.com/dblevins > http://www.tomitribe.com > > > On May 6, 2019, at 8:54 PM, David Blevins <[email protected]> > wrote: > > > > Hey All, > > > > I've opened a draft PR for some work-in-progress: > > > > - https://github.com/apache/tomee/pull/465 > > > > At this point I'm attempting to just clean up the MP-JWT code. Wanted > to get a few commits in to make sure I was serious before bugging anyone. > Looks like I'm finding the time. > > > > I did a presentation in March using TomEE 8.0.0-M2 and generally found > the user experience on JWT verification not very good. It gives 401 with > no indication of what went wrong, so it isn't clear on how to fix. > > > > My goals currently: > > > > - simplify code as much as possible, delete anything non-critical: we > can add it again if we really need it. > > > > - greatly expand testing of key conversion, etc. > > > > - improve logging > > > > - improve potential features > > > > - write documentation > > > > Full disclosure, I'm giving a presentation again next week in Tokyo, so > my windows to work in will get tight and there'll be some definite offline > time. > > > > I have kind of a fantasy about there being an actual M3 release in the > next week. I don't know if that's realistic :) > > > > > > > > -- > > David Blevins > > http://twitter.com/dblevins > > http://www.tomitribe.com > > > >
