Closed umireon closed 4 months ago
@umireon I had a project going to already significantly overhaul some aspects of the client so threw this in there, let me know if https://github.com/apple/app-store-server-library-java/pull/109 would meet your needs
Yes, that PR implements the exact feature that we need with your library! Thanks!
Version 3.0.0 was just released
Thank you for implementing this ❤️
Background
We think the security of the private key used for JWT signing is important, and we want to use Cloud KMS on Google Cloud with this library. The current implementation of AppStoreServerAPIClient only signs the JWT with the on-memory private key, and we'd like this library to accept injecting arbitrary implementation of JWT signing.
Proposal
We want to add setBearerTokenAuthenticator to the AppStoreServerAPIClient class and refactor BearerTokenAuthenticator into an interface. The existing BearerTokenAuthenticator would be renamed OnMemoryBearerTokenAuthenticator, and it would not be instantiated when the
signingKey
parameter is null. This proposal will enable users to integrate any JWT signing backend, and you don't need to maintain the detailed implementation of the JWT signing.We are eager to contribute by creating a pull request to implement this feature when you agree to this proposition.
Thanks in advance!