search

eclipse / microprofile-jwt-auth

Apache License 2.0
106 stars 59 forks source link

Part of MP 7.0 tasks #322

Closed Emily-Jiang closed 3 months ago

Emily-Jiang commented 6 months ago

In response to the work of MP JWT bridge, some optional parts has been moved to MP JWT Bridge. It will be great if the next release of this spec completes the following tasks to be part of MP 7.0:

Emily-Jiang commented 6 months ago

@sberyozkin fyi

sberyozkin commented 5 months ago

@Emily-Jiang What is implied by re-basing ? Can you please clarify what has been done in this regard for example in MP Config ?

Emily-Jiang commented 5 months ago

I meant to use the mp parent pom version 3.x

Emily-Jiang commented 5 months ago

@sberyozkin can you confirm whether MP JWT Auth will have a release to be included in MP 7.0?

sberyozkin commented 5 months ago

@Emily-Jiang Sorry, missed it, what is the deadline for doing this release ?

Emily-Jiang commented 5 months ago

@Emily-Jiang Sorry, missed it, what is the deadline for doing this release ?

@sberyozkin you need to do the release by May 3rd. Details are here.

sberyozkin commented 5 months ago

Thanks @Emily-Jiang Let me check how updating the pom with the new parent goes, I think we should be able to get some clean up and release it by May 3rd

Emily-Jiang commented 5 months ago

Thanks @Emily-Jiang Let me check how updating the pom with the new parent goes, I think we should be able to get some clean up and release it by May 3rd

@sberyozkin thanks

sberyozkin commented 4 months ago

@Emily-Jiang I see MP Config still using the 2.x parent, https://github.com/eclipse/microprofile-config/blob/main/pom.xml.

Can you clarify please why the MP Config main still on the 2.x parent ?

sberyozkin commented 4 months ago

All candidates for 3.0:

323 Remove optional spec texts and TCK tests

319 (Make it clear the preferred_user_name is not unique)

314 TCK test for the clock skew property

288 Now is the good time to make RSA-OAEP-256 a default decryption algorithm

142 RSA key sizes now must be expected to be at least 2048, 1024 is in old past. Perhaps a property can be added to support them if really needed

327 Allow to retrieve token headers

And consider aligning how the default signature algorithm is supported with the way it was done for the decryption, i.e, if no value is set - both RS256 and ES256 can be accepted

Emily-Jiang commented 4 months ago

@Emily-Jiang I see MP Config still using the 2.x parent, https://github.com/eclipse/microprofile-config/blob/main/pom.xml.

Can you clarify please why the MP Config main still on the 2.x parent ?

Moving up to 3.x requires a major release and also there is a plan to make more update on Jakarta Config. At the moment, the Config team did not invest much on MP Config.

sberyozkin commented 4 months ago

Thanks @Emily-Jiang I'm just not sure that MP JWT should do it without its key dependency, MP Config, not doing it, seems like there should be an alignment across the board

Emily-Jiang commented 4 months ago

Thanks @Emily-Jiang I'm just not sure that MP JWT should do it without its key dependency, MP Config, not doing it, seems like there should be an alignment across the board

You should do it. MP Config is in a unique situation.

sberyozkin commented 3 months ago

@Emily-Jiang Can you explain what exactly will updating MP JWT 3.0 to the MP parent 3.x will give its users ? What other indirect requirements will be implied for MP JWT 3.0, and for the runtimes which will have to run MP JWT 3.0 implementations ? It is a little bit abstract at the moment.

Thanks

Emily-Jiang commented 3 months ago

Based on the recent conversation here, there is no need to rebase on Jakarta EE 10 Core Profile if you don't need to use any Jakarta EE core profile features. I'm closing this issue.