reta commented on code in PR #990:
URL: https://github.com/apache/cxf/pull/990#discussion_r951956470


##########
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java:
##########
@@ -646,7 +647,12 @@ protected String processJwtAccessToken(JwtClaims 
jwtCliams) {
         // It will JWS-sign (default) and/or JWE-encrypt
         OAuthJoseJwtProducer processor =
             getJwtAccessTokenProducer() == null ? new OAuthJoseJwtProducer() : 
getJwtAccessTokenProducer();
-        return processor.processJwt(new JwtToken(jwtCliams));
+
+        JwsHeaders jwsHeaders = new JwsHeaders();
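Review bot: the added `JwsHeaders jwsHeaders = new JwsHeaders();` is created unconditionally, yet the comment at the top of this hunk says the producer will "JWS-sign (default) and/or JWE-encrypt", so a value set only on `jwsHeaders` is tied to the signing path and may not reach a token that is only JWE-encrypted. Consider applying the header where both paths are covered, or setting it on the JWE headers as well. The rest of the hunk is cut off here, so how `jwsHeaders` is handed to `processor` cannot be checked from these lines.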

Review Comment:
   @arthurchan35 it does not seem to be solving the problem at large:
    - as you may see in the comment [1], it could be JWS or JWE
    - for `JWE`, the `JwsHeaders` are not used, the `JweHeaders` are 
   
   Looking into the right place to apply the spec recommendation, but on a more 
general note, we need to introduce a member to `JoseType` for `at+JWT` and 
a respective constant to `JoseConstants`.
   
   [1] https://github.com/apache/cxf/pull/990/files#diff-1c24cdb27ac335b1f77f921093e723cfeeda77ce8e14d3196d2d1977a3d1effaR648


