On Fri, Jan 5, 2018 at 7:49 AM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi Hasanthi,
>
> On Thu, Jan 4, 2018 at 4:32 PM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi All,
>>
>> The following tasks are identified for the implementation of the $subject.
>>
>> 1. Move the logic of validating the token API invocation request to
>> validate required parameters for JWT client authentication to
>> PrivatekeyJWTClientAuthHandler
>> 2. Introduce a new interface to read the public certificate.
>>        - Certificate can be read from keystore
>>        - Certificate can be read from db
>>        - Certificate can be read from any other means
>> 3. Data which will be persisted in IDN_JWT_PRIVATE_KEY can grow
>> rapidly, which may cause some performance issues. So we need to implement a
>> cleanup script based on the expiration time of the JWT.
>>
>
> Which data are supposed to be stored in the IDN_JWT_PRIVATE_KEY table? What is
> the reason to store those data?
>

If we are storing private keys in the table, make sure the content is
encrypted to avoid security concerns.


>
> Thanks
> Isura.
>
>> 4. Honour the UI configuration for confidential applications which is
>> discussed in mail [1]
>>
>> Apart from the above, we need to consider the following tasks:
>> 1. Improving the unit tests of the repository
>> 2. Improve the documentation for the $subject.
>>
>>
>> [1] Confidential Applications in OAuth2 Flow
>>
>> Thanks,
>> --
>>
>> Hasanthi Dissanayake
>>
>> Senior Software Engineer | WSO2
>>
>> E: hasan...@wso2.com
>> M: 0718407133 | http://wso2.com
>>
>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>
>
Regards,
Omindu.

-- 
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
