Comments (10)
nemonik
commented on July 16, 2024
Each is relevant to the specific implementation, e.g., HMACSHA256 has no relevance to a RSA Signer.
from openid-connect-java-spring-server.
nemonik
commented on July 16, 2024
So doesn't belong in an interface.
from openid-connect-java-spring-server.
jricher
commented on July 16, 2024
No, these values are defined by the JWS specification in a central list and they need to be used as common keys to select signers. They need to be coalesced into a central Enum class.
from openid-connect-java-spring-server.
nemonik
commented on July 16, 2024
We should discuss out of band.
from openid-connect-java-spring-server.
aanganes
commented on July 16, 2024
The issue is that there are several places in the code where (in future) we will need to have services that can get a JwtSigner by algorithm name. In order for that to work smoothly, the algorithm name should be accessible from the interface, not from the implementations. That way I can say "JwtSigner currentSigner = signerService.getSignerByAlgorithm("HMACSHA256")". It would also be useful to be able to retrieve the algorithm name from a JwtSigner whose implementation is unknown.
For right now we are just using a default signer (the RSA one), but further on we will need to be able to retrieve a signer corresponding to the Client's registered preferred algorithm.
from openid-connect-java-spring-server.
nemonik
commented on July 16, 2024
We should discuss offline as the spec permits multiple instances of a specific signer algorithm as i read it
from openid-connect-java-spring-server.
jricher
commented on July 16, 2024
Yes it does, and this doesn't restrict that capability.
from openid-connect-java-spring-server.
aanganes
commented on July 16, 2024
We still need to be able to choose a signer based on the Client's preferred algorithm. signerService.getSignerByAlgorithm() can return a list, and we can have some rule for determining which one to use if we have several. But either way, we need that capability.
from openid-connect-java-spring-server.
nemonik
commented on July 16, 2024
I recognized some needed refactoring an code clean up across the signers responding to issue #5 as I learned more about creating Spring beans writing the client Authentication Filter. My advice would be to the keep the Algorithm enums where they are as they are specific to the individual signers in the purpose that they serve: They map the Spec defined names to the Java Standard cryptographic algorithm names for each respective signer. Each of the signers use the ENUM in their respective afterPropertiesSet-method to instantiate an instance of the algorithm by which the respective class will sign and verify signatures. I do believe you both are correct an enum needs to be in the interface, though. The afterPropertiesSet interface supports an exception being thrown for implementations of this method, and an exception will be thrown if an spec algorithm name is submitted not matching one supported by the signer.
from openid-connect-java-spring-server.
jricher
commented on July 16, 2024
Refactored to JwsAlgorithm enum
from openid-connect-java-spring-server.
Related Issues (20)
- Email case in-sensitive HOT 2
- Incorrect link in documentation
- Missing dependency in OpenID Connect Common, incorrect JaCoCO version and Wro4j Maven plugin exception HOT 2
- Compilation issue HOT 1
- Authentication with Client Secret Basic and Client Secret POST are interchangeable HOT 1
- What version UMA is being currently implemented? 2.0 or 1.0 HOT 1
- Version 1.3.5 not published HOT 1
- Build failure on Java11+ HOT 2
- CVE in openid-connect-client HOT 2
- Obsolete Dependency in Use (Log4j 1.2.x)
- Several CVE's in Trivy analysis
- Error when building whith maven HOT 1
- OpenID Connect with OpenLDAP HOT 4
- Consuming restful api in spring mvc application with a token obtained directly from IDP
- (SomeBody please reply for this, it urgent) It have any code to generate a Verifiable Credential HOT 1
- Problem connecting the LDAP Overlay whith Moodle
- Regarding upgrades & other related supportability of this repo HOT 1
- OIDC certication website: No client configuration found for issuer HOT 1
- BCrypt password encoder not working due to Spring 4
- PKCE code verifier does not respect the RFC 7636
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openid-connect-java-spring-server.