Hi All,
In the released IS 5.3.0 we have the capability of extending the signing
mechanism of JWT in JWTTokenGenerator and IDTokenBuilder. But in the latest
code base [1] [2] we have deprecated all the protected methods and removed
the usage of them as well. With this, we have removed the capability of
extending the signing mechanism.

Previously we had the following method structure.

generateToken
    |
     -----> signJWT (protected)
                |
                 -----> signJWTWithRSA (protected)


The generateToken method calls the signJWT method, which in turn calls the
signJWTWithRSA method. So simply by overriding the signJWTWithRSA method we
can override the JWT signing behavior. Currently we have deprecated both
these methods, removed the usage of the signJWT method, and replaced its
occurrence in the generateToken method with an OAuth2Util method, which
means we have removed the capability of extending signing.

IMO what we should do here is deprecate the signJWTWithRSA method and call
the util method from the signJWTWithRSA method; then in a future release we
can remove that method and call the util method directly from the signJWT
method. That way we will remove duplicated code while not removing our
extensibility.

WDYT? Is there a reason for removing the current extensibility?

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTokenGenerator.java
[2]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
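
The delegation proposed in the mail above, sketched as an added example that is not part of the original message and is not WSO2 code: the deprecated signJWTWithRSA stays on the generateToken call path and only forwards to a shared util, so a subclass that overrides it still controls signing. Apart from the three method names taken from the mail, every class, helper and signature here (SigningExtensionSketch, TokenGenerator, utilSignWithRSA, verify) is an assumption for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
// Hypothetical stand-ins: not the WSO2 classes or their real method signatures.
public class SigningExtensionSketch {
    // Plays the role the mail gives to the OAuth2Util method: the one shared RSA signer.
    static byte[] utilSignWithRSA(byte[] input, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA"); // JWS RS256
        s.initSign(key);
        s.update(input);
        return s.sign();
    }
    static class TokenGenerator {
        protected final PrivateKey defaultKey;
        TokenGenerator(PrivateKey k) { defaultKey = k; }
        public String generateToken(String signingInput) throws GeneralSecurityException {
            byte[] sig = signJWT(signingInput.getBytes(StandardCharsets.US_ASCII));
            return signingInput + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(sig);
        }
        // Stays on the call path, so the override point below is still reached.
        protected byte[] signJWT(byte[] input) throws GeneralSecurityException { return signJWTWithRSA(input); }
        /** @deprecated duplicated logic removed; the body only delegates to the shared util. */
        @Deprecated
        protected byte[] signJWTWithRSA(byte[] input) throws GeneralSecurityException { return utilSignWithRSA(input, defaultKey); }
    }
    static boolean verify(String jwt, PublicKey pub) throws GeneralSecurityException {
        int dot = jwt.lastIndexOf('.');
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        return v.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair serverKey = g.generateKeyPair(), tenantKey = g.generateKeyPair();
        String input = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9"; // constructed header.payload
        // An existing extension: overrides the deprecated hook to sign with its own key.
        TokenGenerator custom = new TokenGenerator(serverKey.getPrivate()) {
            @Override protected byte[] signJWTWithRSA(byte[] in) throws GeneralSecurityException {
                return utilSignWithRSA(in, tenantKey.getPrivate());
            }
        };
        String base = new TokenGenerator(serverKey.getPrivate()).generateToken(input);
        System.out.println("default verifies with server key:  " + verify(base, serverKey.getPublic()));
        System.out.println("override verifies with tenant key: " + verify(custom.generateToken(input), tenantKey.getPublic()));
        System.out.println("override verifies with server key: " + verify(custom.generateToken(input), serverKey.getPublic()));
    }
}
```

If generateToken called the util directly instead of signJWT, the second line would print false and the third true, because the subclass override would be bypassed without any compile-time error.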
