I'm starting to take a look at what we need to implement MicroProfile JWT 2.0 support.
There are no new requirements in 2.0 itself. That version was largely created to communicate MicroProfile overall upgraded from Jakarta EE 8 to 9.1. There are a handful of new requirements 1.2 we have yet to implement. I dug through the spec and made this list: - TOMEE-3947 Elliptic Curve ES256 signature algorithm - TOMEE-3948 Decryption of JWTs using RSA-OAEP and A256GCM algorithms - TOMEE-3949 Support for JWT audience aud claim - TOMEE-3950 Support for JWT token cookies - TOMEE-3951 JWT token groups claim is now optional - TOMEE-3952 Deprecate RSA keys of 1024 bit length These all sit as subtasks of this JIRA issue: - https://issues.apache.org/jira/browse/TOMEE-3946 "MicroProfile JWT 2.0 Support" I'm grabbing TOMEE-3947 Elliptic Curve ES256 signature algorithm If anyone would like to work on any of the other items, let me know and I'll assign it to you. -David
smime.p7s
Description: S/MIME cryptographic signature
