Hi Gayan, +1.
Using nimbuz is a good approach. It provides better flexibility than hardcoding the kwt token format. Touched, not typed. Erroneous words are a feature, not a typo. On Dec 11, 2014 11:49 PM, "Gayan Gunawardana" <[email protected]> wrote: > > Hi All, > > In JWT token generator [1] use low level JWT building and signing process which makes bit difficult to validate signature in client side. But in [2] we use nimbus [3] to generate and sign OpenID connect ID token. Shall we change JWT generator in [1] to use nimbus library ? > Nimbus provides very comprehensive option to generate JWT and validate signature in client side. > > [1] https://github.com/wso2-dev/carbon-identity/blob/master/components/identity/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTokenGenerator.java This is kind of hard coding the token which makes hard to add a custom claim. > > [2] https://github.com/wso2-dev/carbon-identity/blob/master/components/identity/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java > > [3]http://connect2id.com/products/nimbus-jose-jwt > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
