okta-jwt-verifier-java

Expose SSLFactory and TrustStore as configuration parameters for the HTTP client

Open DanieleVistalli opened this issue 11 months ago • 0 comments

I'm submitting a

  • [x] feature request

Background info

We are using the okta-jwt-verifier in an enterprise application server and we need to be able to pass to the HTTP client the Application server's very own SSLFactory and TrustManager in order to respect the trusting mechanisms of the appserver.

The application server is extending the JVM default SSLFactory and TrustStore with its own management capabilities.

Expected behavior

We expected to be able to provide our SSLFactory and TrustManager to the Builders.

Something like:

AccessTokenVerifier jwtVerifier = JwtVerifiers.accessTokenVerifierBuilder()
	.setIssuer("https://idp.factor-y.com/oauth2/default")
	.setAudience("api://default") // defaults to 'api://default'
	.setConnectionTimeout(Duration.ofSeconds(1)) // defaults to 1s
	.setRetryMaxAttempts(2) // defaults to 2
	.setRetryMaxElapsed(Duration.ofSeconds(10)) // defaults to 10s
	.setSSLFactory(mySSLFactory) // <- This should be added
	.setSSLTrustStore(mySSLTrustStore) // <- This should be added
	.build();

where the new methods would be:

  1. setSSLFactory
  2. setSSLTrustStore

What went wrong?

There is not an accessible way to pass down to the HTTP client implementation our own SSLFactory and TrustStore.

Library Version

Current version is okta-jwt-verifier-java 0.5.8

DanieleVistalli, Mar 06 '24 15:03
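
The request above is about handing the HTTP client an SSLSocketFactory and trust manager that extend the JVM defaults with the application server's own trust material. As an added example (not code from the issue or from okta-jwt-verifier-java), this is one way a caller could build those two objects with the standard JSSE API. The class name `AppServerTrust` and the `appServerStore` parameter are assumptions, and the proposed `setSSLFactory`/`setSSLTrustStore` methods are not called because they exist only as the issue's proposal.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class; not part of any Okta library.
public final class AppServerTrust {

    // Trust manager backed by the given store; a null store selects the JVM default trust store.
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Accepts a chain if the JVM defaults or the extra store validate it; otherwise fails closed.
    static X509TrustManager composite(X509TrustManager jvm, X509TrustManager extra) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try { jvm.checkServerTrusted(chain, authType); }
                catch (CertificateException e) { extra.checkServerTrusted(chain, authType); }
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try { jvm.checkClientTrusted(chain, authType); }
                catch (CertificateException e) { extra.checkClientTrusted(chain, authType); }
            }
            public X509Certificate[] getAcceptedIssuers() {
                return Stream.concat(Stream.of(jvm.getAcceptedIssuers()), Stream.of(extra.getAcceptedIssuers()))
                        .toArray(X509Certificate[]::new);
            }
        };
    }

    // appServerStore (assumed name) is the application server's own trust store, already loaded.
    static SSLSocketFactory socketFactory(KeyStore appServerStore) throws Exception {
        X509TrustManager tm = composite(trustManagerFor(null), trustManagerFor(appServerStore));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx.getSocketFactory();
    }
}
```

The composite only widens the set of trusted issuers; hostname verification is still the responsibility of the HTTP client that uses the socket factory.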