Hi Memo! First, thanks for volunteering! Thrilled to work on this with you.

On TOMEE-3952, are you open to a different task? One of the first things I'll do with TOMEE-3947 is replace the code that parses keys and either our code will conflict and I'll likely end up needing to rewrite your code.

Are you at all interested in exploring the spec requirements around TOMEE-3948? I've never worked with encrypted JWTs before, so if you haven't either we're both equally unprepared :)

What would be really useful is having you read that part of the spec, look at the TCK to see what kind of encrypted tokens there are, then see if you can create some code in TomEE to decrypt the token (ideally not adding a dep on another library). Doesn't matter if the code is wired into TomEE or duplicates code in TomEE, I can help with that part.

You could just throw the code anywhere under here:

 - https://github.com/apache/tomee/tree/master/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt

And add a test case here:

 - https://github.com/apache/tomee/tree/master/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt

The test can be a plain java, no-tomee, test that decrypts the encrypted JWTs from the TCK. The JWTs and keys could just be copy/pasted into the test case.

That would help me see what needs to be done and have that first prototype of code to work from to see what would need to get wired in and where. We could potentially collaborate on that part too.

Does that sound like something that would be fun to work on?

-David

> On May 10, 2022, at 3:33 PM, Memo Díaz Solis <[email protected]> wrote:
>
> Hello David. I'd like to work on some of them. So if you don't mind, I'd
> like to start with TOMEE-3952.
>
> On Tue, May 10, 2022 at 12:00, David Blevins (<[email protected]>)
> wrote:
>
>> I'm starting to take a look at what we need to implement MicroProfile JWT
>> 2.0 support.
>>
>> There are no new requirements in 2.0 itself. That version was largely
>> created to communicate MicroProfile overall upgraded from Jakarta EE 8 to
>> 9.1.
>>
>> There are a handful of new requirements 1.2 we have yet to implement. I
>> dug through the spec and made this list:
>>
>> - TOMEE-3947 Elliptic Curve ES256 signature algorithm
>> - TOMEE-3948 Decryption of JWTs using RSA-OAEP and A256GCM algorithms
>> - TOMEE-3949 Support for JWT audience aud claim
>> - TOMEE-3950 Support for JWT token cookies
>> - TOMEE-3951 JWT token groups claim is now optional
>> - TOMEE-3952 Deprecate RSA keys of 1024 bit length
>>
>> These all sit as subtasks of this JIRA issue:
>>
>> - https://issues.apache.org/jira/browse/TOMEE-3946 "MicroProfile JWT 2.0
>> Support"
>>
>> I'm grabbing TOMEE-3947 Elliptic Curve ES256 signature algorithm
>>
>> If anyone would like to work on any of the other items, let me know and
>> I'll assign it to you.
>>
>> -David
