chibenwa commented on PR #2744:
URL: https://github.com/apache/james-project/pull/2744#issuecomment-3005143961
Thanks for the sum up.
To be fairly honest I am not very happy with the current JWT code...
- For JMAP I am unaware of existing user. We could just deprecate this.
- For webadmin signing the claims prior the Webadmin calls is a show
stopper to most people I have been talking to. They resort to unprotected
webadmin on a private netword instead... I think a simpler way to secure
webadmin with static secrets would serve us well.
Remains OIDC for IMAP/SMTP that if I am not wrong relies on Jwks.
> So I see several options:
Thanks for this explanation
> 4. Leave it as is with the new design and full support.
Acceptable. If kid computation is screwed up it will result in 401, and
collision accross kid seems impossible to me.
> 1. Find another way to make the new api work, and remain without the kid
support in the default provider.
I confess that this is what I would prefer...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org
