Les Hazlewood

Hi @mooseburgr - thanks for checking in! It is potentially - but there are a *lot* of changes happening right now in the JWE branch as that is our highest...

Leaving for 1.0 to utilize JDK 8 interfaces.

I'm confused. Even if JJWT doesn't call `getEncoded()`, the JDK signature algorithm implementation itself will call `getEncoded` during the `mac.init(key)` call, producing the same problem, no? In other words, try...

> with a 512-bit secret key that lives in the HSM To the best of my knowledge, most HSMs (Hardware Security Module)s require that the cryptographic computations are performed inside...

It's great to hear that they provide a JCE Provider implementation. JJWT currently gets the bytes to enforce that the key length is greater than or equal to the length...

Just an internal note: This issue could likely be solved with #493, whereby the implementation can avoid key strength assertions.

@pezetem Thanks for the PR! However, it might be a bit before we can address this as the internal builder/parser code is being refactored a bit to prepare for some...

Thanks for the issue! That method is intended to be used for checking strings reasonably expected to be compact JWT strings - not generic JSON. Based on the confusion, it...

Please write the tests in Groovy - we have standardized on it for testing and it's even easier than Java. We won't accept a PR with Java tests or without...

Actually, we can convert the Java to Groovy - I don't want to discourage your PR. If you can though, please try!