Thank you Richard. I'll take a look at those. El mié, 11 may 2022 a las 0:12, Zowalla, Richard (< [email protected]>) escribió:
> Hi, > > you can find the MP TCK Harness (which is run in the TomEE build) here: > > https://github.com/apache/tomee/tree/master/tck/microprofile-tck/jwt > > The actual MP JWT TCK tsts are in this artifact > > <groupId>org.eclipse.microprofile.jwt</groupId> > <artifactId>microprofile-jwt-auth-tck</artifactId> > > the related repository of the MP JWT TCK source code can be found here: > > https://github.com/eclipse/microprofile-jwt-auth > > Gruß > Richard > > > Am Dienstag, dem 10.05.2022 um 19:58 -0600 schrieb Memo Díaz Solis: > > Helping on TOMEE-3948 in some way, sounds good to me . > > > > I'll start by reviewing the Spec and then the TCK. > > > > Regarding the Spec, I found this > > < > > > https://download.eclipse.org/microprofile/microprofile-jwt-auth-2.0/microprofile-jwt-auth-spec-2.0.html > > > > > so > > I assume that's where the spec is published, but for the TCK I got > > this: Projects > > (tck.work) <https://tck.work/tomee/projects> which is for TomEE, but > > did > > not find the microprofile TCK so I guess it is for Jakarta EE only. > > So for > > the Eclipse Microprofile is there a TCK built in a different > > workspace? > > > > > > El mar, 10 may 2022 a las 18:11, David Blevins (< > > [email protected]>) > > escribió: > > > > > Hi Memo! > > > > > > First, thanks for volunteering! Thrilled to work on this with you. > > > > > > On TOMEE-3952, are you open to a different task? One of the first > > > things > > > I'll do with TOMEE-3947 is replace the code that parses keys and > > > either our > > > code will conflict and I'll likely end up needing to rewrite your > > > code. > > > > > > Are you at all interested in exploring the spec requirements around > > > TOMEE-3948? I've never worked with encrypted JWTs before, so if > > > you > > > haven't either we're both equally unprepared :) > > > > > > What would be really useful is having you read that part of the > > > spec, look > > > at the TCK to see what kind of encrypted tokens there are, then see > > > if you > > > can create some code in TomEE to decrypt the token (ideally not > > > adding a > > > dep on another library). Doesn't matter if the code is wired into > > > TomEE or > > > duplicates code in TomEE, I can help with that part. You could > > > just throw > > > the code anywhere under here: > > > > > > - > > > > https://github.com/apache/tomee/tree/master/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt > > > > > > And add a test case here: > > > > > > - > > > > https://github.com/apache/tomee/tree/master/mp-jwt/src/test/java/org/apache/tomee/microprofile/jwt > > > > > > The test can be a plain java, no-tomee, test that decrypts the > > > encrypted > > > JWTs from the TCK. The JWTs and keys could just be copy/pasted > > > into the > > > test case. That would help me see what needs to be done and have > > > that > > > first prototype of code to work from to see what would need to get > > > wired in > > > and where. We could potentially collaborate on that part too. > > > > > > Does that sound like something that would be fun to work on? > > > > > > > > > -David > > > > > > > > > > On May 10, 2022, at 3:33 PM, Memo Díaz Solis <[email protected]> > > > > wrote: > > > > > > > > Hello David. I'd like to work on some of them. So if you don't > > > > mind, I'd > > > > like to start with TOMEE-3952. > > > > > > > > > > > > > > > > El mar, 10 may 2022 a las 12:00, David Blevins (< > > > > [email protected] > > > > ) > > > > escribió: > > > > > > > > > I'm starting to take a look at what we need to implement > > > > > MicroProfile > > > JWT > > > > > 2.0 support. > > > > > > > > > > There are no new requirements in 2.0 itself. That version was > > > > > largely > > > > > created to communicate MicroProfile overall upgraded from > > > > > Jakarta EE 8 > > > to > > > > > 9.1. > > > > > > > > > > There are a handful of new requirements 1.2 we have yet to > > > > > implement. I > > > > > dug through the spec and made this list: > > > > > > > > > > - TOMEE-3947 Elliptic Curve ES256 signature algorithm > > > > > - TOMEE-3948 Decryption of JWTs using RSA-OAEP and A256GCM > > > > > algorithms > > > > > - TOMEE-3949 Support for JWT audience aud claim > > > > > - TOMEE-3950 Support for JWT token cookies > > > > > - TOMEE-3951 JWT token groups claim is now optional > > > > > - TOMEE-3952 Deprecate RSA keys of 1024 bit length > > > > > > > > > > These all sit as subtasks of this JIRA issue: > > > > > > > > > > - https://issues.apache.org/jira/browse/TOMEE-3946 > > > > > "MicroProfile JWT > > > 2.0 > > > > > Support" > > > > > > > > > > I'm grabbing TOMEE-3947 Elliptic Curve ES256 signature > > > > > algorithm > > > > > > > > > > If anyone would like to work on any of the other items, let me > > > > > know and > > > > > I'll assign it to you. > > > > > > > > > > > > > > > -David > > > > > > > > > > >
