jjwt icon indicating copy to clipboard operation
jjwt copied to clipboard

Published 20 hours ago verified publisher icon jwtk

Initial JWE support

Open lhazlewood opened this issue 9 years ago • 13 comments

Shared key ( dir ) encryption first, more complicated next.

lhazlewood avatar Apr 13 '16 01:04 lhazlewood

Any timeframe for full JWE support?

Many Thanks, Jeff

jaschenk avatar Jul 20 '16 04:07 jaschenk

Hi Jeff!

That work is being done in the jwe branch. Most of it has been done actually - the current delay is that many of the JWE test vectors are defined in the spec in JWK format, which means.... now we have to support JWK first ;)

So, progress has been good, but we still need to wrap up the JWK and test support to guarantee correct/exact results. If you check out the branch and try it out, feedback is welcome!

Cheers!

lhazlewood avatar Jul 20 '16 15:07 lhazlewood

Test vectors to verify the implementation are here: https://tools.ietf.org/html/rfc7520

lhazlewood avatar Oct 08 '16 00:10 lhazlewood

The last commit in the JWE branch seems to have been about a year ago - is it still alive?

Bragolgirith avatar Aug 31 '17 21:08 Bragolgirith

why readme says jwk is supported if it isnt actually ? JJWT is a Java implementation based on the JWT, JWS, JWE, JWK and JWA RFC specifications.

vicente-valls avatar Nov 14 '17 10:11 vicente-valls

@vicente-valls it says "based on" - it didn't say fully implemented. If you read the README, you'd see that we explicitly indicate that JWE is not yet fully supported:

https://github.com/jwtk/jjwt#currently-unsupported-features

That said, most of the jwe branch is finished, but we still need to fully support JWKs, and this is the only reason why JWE support isn't released. We're working on it, but because this isn't our full-time jobs, it's impossible for us to give a timeline. It'll be done when we can find time between work obligations, family obligations, illnesses, vacations, etc. But it will be completed.

lhazlewood avatar Nov 14 '17 21:11 lhazlewood

@lhazlewood tbh, I dont understand whats the meaning of based on something not implemented. Anyway, it is fine, any open source project takes time as most of times it is done on our free time. FYI I use https://github.com/auth0/jwks-rsa-java/tree/9a3edf250e982a64a6fb2f5a6c8cf35eecc1e780

vicente-valls avatar Nov 15 '17 11:11 vicente-valls

@vicente-valls "based on" means that we use those RFCs (and only those RFCs) to build JJWT - we don't use any other sources. But it does not mean that we've fully implemented the entire specification yet.

This is why we have a "currently unsupported features" section in the README to indicate that we don't yet support 100% of the features. We will eventually support them all - it just takes time.

lhazlewood avatar Nov 15 '17 19:11 lhazlewood

Does 90ade64 provide full JWE support, or is this still a work in progress? Any estimate for a release with JWE support?

dbadia avatar Jan 29 '19 15:01 dbadia

@dbadia it's still a work in progress - I'd say it's about 90% complete. Unfortunately we can't give time estimates since we're volunteers and work on it when our employment isn't consuming all of our time. :)

lhazlewood avatar Jan 29 '19 17:01 lhazlewood

@lhazlewood Understood, thanks for the quick reply

dbadia avatar Jan 30 '19 00:01 dbadia

Amazing to see progress on this issue. ❤️ Just wanted to show appreciation for the hard work on this! 🙏

Mithrandir21 avatar Aug 05 '19 10:08 Mithrandir21

Is there something we can support you with? Any stories/tasks/tests you can delegate?

dirkbolte avatar Nov 25 '19 20:11 dirkbolte