On Thu, Jan 4, 2018 at 4:32 PM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi All,
>
> The following tasks are identified for the implementation of the $subject.
>
> 1. Move the logic of validating the token API invocation request to
> validate required parameters for JWT client authentication to
> PrivatekeyJWTClientAuthHandler
> 2. Introduce a new interface to read the public certificate.
>        - Certificate can be read from keystore
>        - Certificate can be read from db
>

So this has to work with SP-wise certificates, which we are planning to
implement and which are currently in progress. Given the timelines, I think we can
implement this extension for reading the certificate per SP from the DB. Hence
let's add this also to the scope, since it adds value and we also don't
need to worry about restarting servers once a certificate is added.

Anyway, we need a per-SP certificate in this case. Hence the best approach is
to use this new feature, which is done by Rushmin. The previous way of
implementation is just a workaround. Also, we should support the previous way as
well through a config in order to cater for backward compatibility.


>        - Certificate can be read from any other means
> 3. Data which will be persisted in IDN_JWT_PRIVATE_KEY can grow
> rapidly, which may cause some performance issues. So we need to implement a
> cleanup script based on the expiration time of the JWT.
> 4. Honour the UI configuration for confidential applications which is
> discussed in mail [1]
>
> Apart from the above, we need to consider the following tasks:
> 1. Improving the unit tests of the repository
> 2. Improve the documentation for the $subject.
>
>
> [1] Confidential Applications in OAuth2 Flow
>
> Thanks,
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M: 0718407133 | http://wso2.com
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453