Two votes are up in the TomEE community on what to do with PR #123 ( https://github.com/apache/tomee/pull/123 ). The first vote is if TomEE should merge it. The second vote is if TomEE should attempt to extract it.
It was said 3-4 times in the discussion between both communities "geronimo will have a jwt-auth impl." This is absolutely ok, there is no rule that two projects cannot do the same or similar thing. Apache Tamaya exists and there is a Geronimo Config, both aim at MicroProfile Config compliance. This is OK by ASF standards and one community is not judged good or bad for choosing to also implement something. That said, decisions like this should be made by the project clearly. Some people may want to move ahead now. Some people may want to wait and see how things go with TomEE. Vote: Move ahead with creating a reusable JWT module +1 Let's get on this, now. There may be two impls, but that's ok. -+0 -1 Let's wait / maybe later / other -David