-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support the symmetric signature verification #126
Comments
Hi, do you have any information if and when this will be prioritized? |
@gustf Hi, I'll try to look into it asap |
@sberyozkin awesome! 👍 |
@sberyozkin any news regarding this issue? |
@gustf Sorry, missed your ping. The initial support will be available in |
ok thanks! |
It can be possible that the the server itself creates and signs the original JWT token to be used later for the cookie-based authentication (ex, JHipster). To access such tokens via MP JWT Api smallrye-jwt needs to optionally support the hash HS* algorithms which are currently blocked and then a user would just set a whitelist property enabling HS*.
The major change would have to be done in
KeyLocationResolver
. It will only be supported for the keys stored in the JWK format, and theverificationKey
property would have to become just aKey
type.The somewhat unfortunate bit is that the location property is called
mp.jwt.publickey.location
, so asmallrye.jwt.secretkey.location
would likely need to be introduced (it is unlikely the secret keys will be supported at the spec level)The text was updated successfully, but these errors were encountered: