Support the symmetric signature verification #126

Closed
sberyozkin opened this issue Aug 23, 2019 · 6 comments · Fixed by #305

@sberyozkin
Contributor

It can be possible that the server itself creates and signs the original JWT token to be used later for the cookie-based authentication (e.g., JHipster). To access such tokens via the MP JWT API, smallrye-jwt needs to optionally support the hash HS* algorithms, which are currently blocked, and then a user would just set a whitelist property enabling HS*.
The major change would have to be done in `KeyLocationResolver`. It will only be supported for the keys stored in the JWK format, and the `verificationKey` property would have to become just a `Key` type.
The somewhat unfortunate bit is that the location property is called `mp.jwt.publickey.location`, so a `smallrye.jwt.secretkey.location` would likely need to be introduced (it is unlikely the secret keys will be supported at the spec level).
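The verification flow this request describes, as an added example that is not smallrye-jwt code: HS* tokens are rejected unless the algorithm is explicitly allow-listed, and the key must be a symmetric (`oct`) JWK. The function names, the `allowed_algs` parameter and the sample key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# HS* algorithm name -> hash function used for the HMAC.
HS_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs_jwt(claims, jwk, alg):
    """Server side: issue a compact JWS signed with the shared secret."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": alg, "typ": "JWT"}, claims)]
    mac = hmac.new(b64url_decode(jwk["k"]), ".".join(parts).encode(), HS_DIGESTS[alg])
    return ".".join(parts + [b64url_encode(mac.digest())])

def verify_hs_jwt(token, jwk, allowed_algs=frozenset()):
    """Return the claims, or raise ValueError. HS* stays blocked unless allow-listed."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = header.get("alg") if isinstance(header, dict) else None
    # The header's alg is untrusted input: it must be a known HS* name AND allow-listed.
    if not isinstance(alg, str) or alg not in allowed_algs or alg not in HS_DIGESTS:
        raise ValueError("algorithm not allowed: %r" % (alg,))
    # Only a symmetric JWK may be used as an HMAC secret (never a public key).
    if jwk.get("kty") != "oct" or jwk.get("alg", alg) != alg:
        raise ValueError("key is not a symmetric JWK for " + alg)
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(b64url_decode(jwk["k"]), signing_input, HS_DIGESTS[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

# Constructed sample key (RFC 7517 "oct" JWK); not a real secret.
SAMPLE_JWK = {"kty": "oct", "alg": "HS256",
              "k": b64url_encode(b"constructed-demo-secret-32-bytes")}

if __name__ == "__main__":
    token = sign_hs_jwt({"sub": "alice"}, SAMPLE_JWK, "HS256")
    print(verify_hs_jwt(token, SAMPLE_JWK, {"HS256"}))
```

Requiring `kty` to be `oct` keeps a public key loaded from the existing public-key location from ever being used as an HMAC secret.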

@gustf

gustf commented May 19, 2020

Hi, do you have any information if and when this will be prioritized?

@sberyozkin
Contributor Author

@gustf Hi, I'll try to look into it asap

@sberyozkin sberyozkin self-assigned this May 28, 2020
@gustf

gustf commented May 28, 2020

@sberyozkin awesome! 👍

@gustf

gustf commented Jun 16, 2020

@sberyozkin any news regarding this issue?

@sberyozkin sberyozkin added this to the 2.2.1 milestone Jul 7, 2020
@sberyozkin
Contributor Author

sberyozkin commented Jul 7, 2020

@gustf Sorry, missed your ping. The initial support will be available in smallrye-jwt-2.2.0 directly from the injectable `JWTParser`, but more work will be needed for a solution which will work for both verification and decryption symmetric keys.

@gustf

gustf commented Jul 19, 2020

ok thanks!
