Jwk Set Uri Nimbus Jwt Decoder builders should take SignatureAlgorithm #7270

Closed
jzheaux opened this issue Aug 16, 2019 · 0 comments

jzheaux commented Aug 16, 2019

Until Resource Server supports decrypting JWK sets, it doesn't make sense to take algorithms that imply non-public information being sent over via the JWK Set Uri.

As such, JwkSetUriJwtDecoderBuilder and JwkSetUriReactiveJwtDecoderBuilder should only take SignatureAlgorithm. This can be widened later in the future as needed.

@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Aug 16, 2019
@jzheaux jzheaux added this to the 5.2.0.RC1 milestone Aug 16, 2019
@jzheaux jzheaux self-assigned this Aug 16, 2019
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
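
The distinction the issue draws, between signature algorithms (verified with a public key) and algorithms whose key material is non-public, can be checked against a JWK Set document itself. The following is an added example, not code from the issue or from Spring Security; the function names and the sample JWK Set are constructed for illustration, and the member names come from RFC 7518 and RFC 8037.

```python
import json

# JWS "alg" values split the way the issue splits them: asymmetric signature
# algorithms verify with a public key, MAC algorithms verify with the shared secret.
SIGNATURE_ALGS = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512",
                  "PS256", "PS384", "PS512"}
MAC_ALGS = {"HS256", "HS384", "HS512"}

# JWK members that carry secret material (RFC 7518 section 6, RFC 8037).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},
}

def audit_jwks(jwks_json):
    """Return (kid, reason) pairs for keys unfit for an unencrypted JWK Set endpoint."""
    findings = []
    for key in json.loads(jwks_json).get("keys", []):
        kid = key.get("kid", "<no kid>")
        kty = key.get("kty")
        if kty == "oct":
            findings.append((kid, "symmetric key type"))
        leaked = sorted(key.keys() & PRIVATE_MEMBERS.get(kty, set()))
        if leaked:
            findings.append((kid, "secret members: " + ",".join(leaked)))
        if key.get("alg") in MAC_ALGS:
            findings.append((kid, "MAC algorithm " + key["alg"]))
    return findings

def verifiable_from_public_jwks(alg):
    """True when a token signed with alg can be checked using public keys only."""
    return alg in SIGNATURE_ALGS

# Constructed sample JWK Set (key values are placeholders, not real keys).
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "rsa-pub", "alg": "RS256", "n": "AQAB", "e": "AQAB"},
    {"kty": "oct", "kid": "hmac-1", "alg": "HS256", "k": "c2VjcmV0"},
    {"kty": "EC", "kid": "ec-priv", "crv": "P-256", "x": "AA", "y": "AA", "d": "AA"},
]})

if __name__ == "__main__":
    for kid, reason in audit_jwks(SAMPLE_JWKS):
        print(kid, "->", reason)
```
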