Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simpler token symmetric signing and encryption support #303

Merged
merged 1 commit into from
Aug 27, 2020
Merged

Simpler token symmetric signing and encryption support #303

merged 1 commit into from
Aug 27, 2020

Conversation

sberyozkin
Copy link
Contributor

Fixes #290.

Quarkus users have to manually create SecretKey when they want to sign the token with a password so this PR adds a few shortcuts making it very easy to do.

@sberyozkin sberyozkin added this to the 2.2.1 milestone Aug 25, 2020
MikeEdgar
MikeEdgar previously approved these changes Aug 26, 2020
Copy link
Member

@MikeEdgar MikeEdgar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. One minor duplication if you care to re-factor it.

Comment on lines 146 to 149
private SecretKey createSecretKeyFromSecret(String secret) {
byte[] secretBytes = secret.getBytes(StandardCharsets.UTF_8);
return new SecretKeySpec(secretBytes, "AES");
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate of JwtBuildUtils.createSecretKeyFromSecret (FYI)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Mike @MikeEdgar thanks for spotting it, yes, I recall thinking about, I wanted to keep the build related code as isolated as possible in case we consider in time moving it in its own module, but now I've realized this code really belongs in KeyUtils :-). So I've just moved it there, and will merge shortly, cheers

@sberyozkin sberyozkin merged commit 15dbe42 into smallrye:master Aug 27, 2020
@sberyozkin sberyozkin deleted the secure_jwt_with_secret branch August 27, 2020 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add JWT token sign/innerSign/encrypt methods accepting a secret key as String
2 participants