Hi David, thanks for the update.
I think it is a good idea to look at the (unreleased) JWT 2.1 while your head is still "in the zone". Mybe you find some corner/edge/we- dont-like things in the next spec and we can change before it happens. Regarding your original discussion / question: I think, that we can eliminate support for JWTAuthConfiguration. We already switched to smallrye and did some major version upgrades of microprofile. That will - most certainly - break user applications, so their code needs to be touched anyway. If we don't do it now, the next opportunity might be TomEE 10 ;) Gruß Richard Am Freitag, dem 09.09.2022 um 20:29 -0700 schrieb David Blevins: > > On Aug 30, 2022, at 3:10 PM, David Blevins <[email protected] > > > wrote: > > > > I'm digging through the test failures in the MP JWT TCK and one of > > them is a test verifying support for downloading the keys for > > verifying JWTs via an http call. > > > > The trick is the test is deploying an application that makes an > > HTTP request to itself to get the public key and expects that to > > work. Since we validate the configuration before the application > > is started, this does not work -- the application can't call itself > > to make an HTTP request because it hasn't been deployed > > yet. Chicken and egg. > > Alrighty, we're down to just two failures in the MP JWT 2.0 TCK and > both are due to the above. > > As mentioned, fixing this is going to require ripping the code up a > bit and backwards incompatible changes to JWTAuthConfiguration which > was user-facing in TomEE 8.0. > > Before I do that I'm tempted to take a look at implementing the > unreleased JWT 2.1 requirements & TCK tests while my head is in this > space. I know there's at least one change that I'm not a fan of and > there may be others. I'd prefer to get that feedback in asap before > that spec goes final, if possible. > > Anyway, things are looking good! > > > -David > > >
