sberyozkin
commented
1 year ago JWT Propagation on the website is certainly wrong
Open JanWesterkamp-iJUG opened 1 year ago
sberyozkin
commented
1 year ago JWT Propagation on the website is certainly wrong
arjantijms
commented
1 year ago Big +1 for this. I was involved with the 1.0 spec, but even so never understood all the different naming.
jeanouii
commented
1 year ago I agree this should be fixed. Brings all sorts of confusions.
sberyozkin
commented
1 year ago Hi All,
I was involved with the 1.0 spec, but even so never understood all the different naming.
@arjantijms, Ok, so this all stems from the very beginning of the spec, I agree it has to be improved.
But I've no idea why @JanWesterkamp-iJUG attempted to block the 2.1 release. Please keep in mind it is not a one man's effort, you are all welcome to open PRs to various places to improve it as opposed to just saying it has to be done.
sberyozkin
commented
1 year ago Adding @JanWesterkamp-iJUG's comment here:
There is an open regression from the MP 5.0 review that he naming of the spec is highly inconsistent, details can be found in this issue: https://github.com/eclipse/microprofile-jwt-auth/issues/303
As this is a minor release and some of the required fixes may require a major release, none of the deviations are addressed yet (not even the simple ones).
Hope we could fix this and get a Jakarta EE 10 Core Profile based release then, that ensures testing of the component spec is done with the matching platform dependencies (the TCK README.adoc was not updated too and contains outdated dependencies).
Best,
Jan @JanWesterkamp-iJUG, just to make it clear, your comment is welcome, I agree with it. But I'd appreciate some community's help to resolve this inconsistency.
If you or someone else has something concrete in mind - please suggest here. My own proposal is to use MP JWT everywhere
sberyozkin
commented
1 year ago @JanWesterkamp-iJUG Sorry, I see you offered help above:
@dblevins, @Emily-Jiang: I can offer to create PRs to the projects, if you like to.
+1
I would like to suggest a refactoring of this project to use consistent naming.
This project uses deviating names on different locations, i.e.:
This inconsistent naming is confusing, as spec users need to know that these names are synonym!
Some of these deviations might be a result of the projects's evolution, as the original scope got extended over the time (to the original authentication aspects like authorisation and RBAC where added).
My suggestion is to rename the project to simply "MicroProfile JWT" to normalise naming, including (as much as possible) all locations (while maintaining naming conventions on different locations of course). Some of these aspects are resulting in a breaking change and with the upcoming MP 6.0 major release this can be solved properly.
@dblevins, @Emily-Jiang: I can offer to create PRs to the projects, if you like to. But some of the aspects might need additional support.
Originally, this is a finding from the review of MP 5.0, that is not addressed yet: https://github.com/eclipse/microprofile/issues/275