Thanks David for the work!
The CI looks good (compared to main):
https://ci-builds.apache.org/job/Tomee/job/TOMEE-4050/
Gruß
Richard
Am Montag, dem 03.10.2022 um 21:47 +0200 schrieb Jean-Louis Monteiro:
> That sounds great.
> Good feature in addition to the bean validation support for claims.
>
That sounds great.
Good feature in addition to the bean validation support for claims.
Thanks David for the hard work on this.
Only missing part is OpenTracaing as far as I know.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Mon, Oct 3, 2022 at 6:58 PM Dav
Hey All,
Provided we can get a good CI build on this PR, we're done with MP JWT and have
some new functionality I'm pretty proud of and had a great time working on.
- https://github.com/apache/tomee/pull/926
The new functionality in a nutshell is the ability to dynamically resolve and
rotate
> On Sep 9, 2022, at 8:29 PM, David Blevins wrote:
>
>> On Aug 30, 2022, at 3:10 PM, David Blevins wrote:
>>
>> I'm digging through the test failures in the MP JWT TCK and one of them is a
>> test verifying support for downloading the keys for verifying JWTs via an
>> http call.
>>
>> The tr
I tried out the MP-JWT 2.1 RC3 TCK today and there are just two more test
failures and three new configuration flags:
- `mp.jwt.decrypt.key.algorithm` property for supporting an RSA-OAEP-256 key
management algorithm has been introduced.
- `mp.jwt.verify.token.age` property for restricting a t
Hi David,
thanks for the update.
I think it is a good idea to look at the (unreleased) JWT 2.1 while
your head is still "in the zone". Mybe you find some corner/edge/we-
dont-like things in the next spec and we can change before it happens.
Regarding your original discussion / question:
I thin
> On Aug 30, 2022, at 3:10 PM, David Blevins wrote:
>
> I'm digging through the test failures in the MP JWT TCK and one of them is a
> test verifying support for downloading the keys for verifying JWTs via an
> http call.
>
> The trick is the test is deploying an application that makes an HTTP
All,
I'm digging through the test failures in the MP JWT TCK and one of them is a
test verifying support for downloading the keys for verifying JWTs via an http
call.
The trick is the test is deploying an application that makes an HTTP request to
itself to get the public key and expects that t