Spring-boot: Add configurable property for JWK encryption algorithm
OAuth2ResourceServerJwkConfiguration already allows configuring the JWK public key location through spring.security.oauth2.resourceserver.jwt.jwk-set-uri property.
It would be great to also expose the encryption algorithm as a configurable property. The change would simply be a switch from NimbusJwtDecoderJwkSupport(String jwkSetUrl) constructor to NimbusJwtDecoderJwkSupport(String jwkSetUrl, String jwsAlgorithm) one, likely keeping RS256 as a sensible default.
elefeint
All 8 comments
Looks like a sensible addition to me.
/cc @jzheaux
mbhave
on 7 Nov 2018
Hi how can i assign a bug to my self?
sadath42
on 7 Nov 2018
This seems reasonable to me as well.
rwinch
on 7 Nov 2018
@sadath42 It's not possible to assign a bug to yourself, but we'll happily consider a pull-request if you have time to work on one.
philwebb
on 7 Nov 2018
Closing in favor of PR #15145.
mbhave
on 12 Nov 2018
would it be possible to have the property keyValue via @ConfigurationProperties (prefix = "spring.security.oauth2.resourceserver") and a suitable decoder in OAuth2ResourceServerJwtConfiguration. For small quick tests it is easier to put the public key in the property file, as in 1.5.x.
Thinkenterprise
on 30 Jan 2019
@Thinkenterprise It is usually better to open a new issue than to comment on a closed one -- a new issue will get triaged as part of the project's normal workflow.
elefeint
on 4 Feb 2019
Thanks @elefeint, @Thinkenterprise actually did that less than 10 minutes after adding that comment (see #15814).
snicoll
on 4 Feb 2019
Related issues
lievendoclo
路
3Comments
Dasiu
路
3Comments
alimate
路
3Comments
wilkinsona
路
3Comments
zhanhb
路
3Comments
Most helpful comment
Looks like a sensible addition to me.
/cc @jzheaux