Les Hazlewood
Les Hazlewood
This does not yet support JWKs. That'll be next.
Due to `ServiceLoader` problems with: * file I/O at scale as discussed in https://github.com/jwtk/jjwt/issues/648#issuecomment-1206632743 as well as * ClassLoader problems in JEE environments as discussed in https://github.com/jwtk/jjwt/issues/751 (and perhaps this...
JJWT's early days allowed this for server-side convenience - in case a server wanted to verify a JWS with the private key it had access to. This however encourages poor...
https://datatracker.ietf.org/doc/html/rfc7517#section-4.6 If receiving a JWK with x5u, it must be verified as defined in the above spec section before it can be used. Work to be done in the `jwe`...
Current 0.10.0-SNAPSHOT base (master) has a few of duplicate(ish) interfaces in the `io.jsonwebtoken.io` package that could probably be consolidated with a single functional interface. This would have to be an...
Due to old implementations (before JJWT was modularized), the `io.jsonwebtoken.lang` package in the `api` module contains a lot of classes and methods that aren't needed by JJWT users. For 1.0,...
The current `JwtParser` interface at the time of this issue's creation has mutator methods that enable validation of various claims. The current `require`* methods only enforce that the claim exists...
To allow custom signature algorithms to be plugged in. This is the strategy already taken by the JWE work, we should do the same for JWS. Because this is a...