[THORN-2160] Including JWE key encryption alias as a header by default #1153
Conversation
|
Jose4J examples page says it is a 'polite thing to do' to report a (public) JWE encryption key alias :-), hence, as we agreed with David, that should be done by default |
|
Michal or Ladislav, please have a quick look, these are just minor updates across two tested implementations (the default one and Jose4j) |
| * Include Encryption Key Alias as Header. | ||
| */ | ||
| @Configurable("thorntail.jose.encryption.include.alias") | ||
| @AttributeDocumentation("Include the encryption key alias as a 'kid' header: true (default)") |
There was a problem hiding this comment.
What "header"? It's not an HTTP header, right?
Also, I'd replace : true (default) with (defaults to true).
There was a problem hiding this comment.
It is the JWE(JSON Web Encryption) header it is referring to. Described in detail here
https://tools.ietf.org/html/rfc7516
There was a problem hiding this comment.
That RFC uses a term "JOSE header", so if this read "Include the encryption key alias as the JOSE kid header", or something like that, that would be great IMHO.
There was a problem hiding this comment.
Sure, np, will update shortly
|
I don't quite understand what "header" are we talking about, but if you clarify that in the attribute documentation, I think that would be enough. Otherwise LGTM. |
|
retest this please |
|
Lets see what happens to https://ci.wildfly-swarm.io/job/thorntail-pull-request-linux/717/ :-) |
|
Jose tests are green |
No description provided.