Hi All,

In the released IS 5.3.0 we have the capability of extending the signing mechanism of JWT in JWTTokenGenerator and IDTokenBuilder. But in the latest code base [1] [2] we have deprecated all the protected methods and removed the usage of them as well. With this, we have removed the capability of extending the signing mechanism.

Previously we had the following method structure.

generateToken
    |
    -----> signJWT (protected)
               |
               -----> signJWTWithRSA (protected)

The generateToken method calls the signJWT method, and it calls the signJWTWithRSA method. So simply by overriding the signJWTWithRSA method we can override the JWT signing behavior. Currently we have deprecated both these methods and also removed the usage of the signJWT method and replaced its occurrence in the generateToken method with an OAuth2Util method, which means we have removed the capability of extending signing.

IMO what we should do here is deprecate the signJWTWithRSA method and call the util method from the signJWTWithRSA method, and then in a future release we can remove that method and call the util method directly from the signJWT method. In that way we will remove duplicated code while not removing our extensibility.

WDYT? Is there a reason for removing the current extensibility?

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTokenGenerator.java
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729
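The delegation proposed in the message above, as an added sketch that is not part of the original post and not WSO2's code. `TokenGenerator`, `SigningUtil` and `CustomSigningGenerator` are hypothetical JDK-only stand-ins that reuse only the method names from the post, and the claims string is constructed sample input.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Hypothetical stand-in for the shared util method the post refers to.
final class SigningUtil {
    static String signWithRSA(String input, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }
}
// Hypothetical generator keeping the generateToken -> signJWT -> signJWTWithRSA chain.
class TokenGenerator {
    protected final PrivateKey key;
    TokenGenerator(PrivateKey key) { this.key = key; }
    public String generateToken(String claimsJson) throws GeneralSecurityException {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String header = b64.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String input = header + "." + b64.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + signJWT(input); // signing still goes through the overridable hooks
    }
    protected String signJWT(String input) throws GeneralSecurityException { return signJWTWithRSA(input); }

    /** @deprecated override point kept for now; the body only delegates to the util. */
    @Deprecated protected String signJWTWithRSA(String input) throws GeneralSecurityException {
        return SigningUtil.signWithRSA(input, key); // no duplicated signing code here
    }
}

// An existing extension: its override is still reached after the refactoring.
class CustomSigningGenerator extends TokenGenerator {
    int overrideCalls = 0;
    CustomSigningGenerator(PrivateKey key) { super(key); }
    @Override @SuppressWarnings("deprecation")
    protected String signJWTWithRSA(String input) throws GeneralSecurityException {
        overrideCalls++; // a real extension would sign with its own mechanism here
        return super.signJWTWithRSA(input);
    }
}

public class Demo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); g.initialize(2048);
        CustomSigningGenerator gen = new CustomSigningGenerator(g.generateKeyPair().getPrivate());
        String jwt = gen.generateToken("{\"sub\":\"constructed-user\"}");
        System.out.println(jwt.split("\\.").length + " parts, override calls: " + gen.overrideCalls);
    }
}
```

If `generateToken` called `SigningUtil.signWithRSA` directly, the subclass would still compile but its override would never run, so a deployment relying on it would fall back to the default signing path without any error.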