jungm commented on PR #1178:
URL: https://github.com/apache/tomee/pull/1178#issuecomment-2162710500

   What really needs a closer look and maybe needs to be discussed:
   
   - JWT validation is using jose.4.j; this introduces a new dependency in all 
TomEE flavours (wasn't in webprofile before). Maybe it needs to be added in 
some notice file?
   - Spec mentions a special variable that can be used in the annotation: 
${baseURL}. I implemented this by producing an @Named String
   - I built a basic delegate in 
OpenIdAuthenticationMechanismDefinitionDelegate that automatically resolves the 
configuration from the OpenID provider
   - SavedRequest (originally from @LoginToContinue) has been rewritten so I 
can serialize it for use in cookies
   - Spec is ambiguous on how to handle subjectTypeSupported, 
idTokenSigningAlgorithmsSupported and responseTypeSupported (see 
CompositeOpenIdProviderMetadata). A user can override these, but it's not 
obvious if that has been done or not. I handled these the same way Soteria 
does, but it's probably worth a spec issue in the future?
   - Requests to the OpenID provider are done using JAX-RS Client; maybe we want to 
use something else in TomEE? Really the only reason I chose this was because 
it's convenient.
   
   (See https://lists.apache.org/thread/sghf41f1z75gpnhpf236o1lrj1sl4vr8 for 
the whole thread on the mailing list)

