Open rdebusscher opened 6 years ago
I think the use case of a new JWT is more important.
Maybe it is possible to create a new JWT based on the 'securityContext' information we have at that moment. But I guess the JWT Auth spec should define then first how those info can be retrieved from the 'SecurityContext'
The Rest Client should be used to call other MP endpoints, or am I mistaken the goal of this spec? When those other MP endpoints are protected with the JWT auth, they need the JWT in the header. And instead of that everyone invents this over and over again, it can be added to the Rest client.
Within a few weeks, I have more time if you think I can help with this feature. I have done the same for the Octopus framework I maintain.
As I commented on #73, I think propagating the JWT header is good.
With Rest Client 1.2, it is now possible to create and propagate headers that are not part of the client method signature. It is also possible for CDI interceptors to be placed on rest client methods. This should enable the functionality to create/propagate JWT tokens, but perhaps there is still some more that can be done to simplify this for developers.
+1 to further simplify so at least for (MP) JWT tokens, they will be handled automatically. The enhancements in 1.2 are useful in any case. Thanks!
@rdebusscher could you expound on this a bit further? Is it propagating the existing JWT or creation of a new JWT?