Skip to content

Resource Server verifies JWT using JWK #5130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jgrandja opened this issue Mar 16, 2018 · 2 comments
Closed

Resource Server verifies JWT using JWK #5130

jgrandja opened this issue Mar 16, 2018 · 2 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.1.0.M2

Comments

@jgrandja
Copy link
Contributor

Resource Server will initially provide support for verifying the signature (JWS) of a JWT using a JWK obtained from the JWK Set URI.
@jgrandja jgrandja added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Mar 16, 2018
@jgrandja jgrandja added this to the 5.1.0.M2 milestone Mar 16, 2018
@dfcoffin
Copy link

When will Resource Server support for simple Bearer tokens be available?

@rwinch rwinch mentioned this issue Mar 16, 2018
Closed
11 tasks
@jgrandja
Copy link
Contributor Author

Opaque token support will likely come after 5.1 is released.

@jzheaux jzheaux self-assigned this Mar 26, 2018
jzheaux added a commit to jzheaux/spring-security-oauth2-resource-server that referenced this issue Mar 29, 2018
@jzheaux
JWK Support
9da5c63 
This commit proves Resource Server's existing support for JWT
validation using a JWK set url as already supported by
NimbusJwtDecoderJwkSupport.

No functionality is added to support this feature as it was already
available through components development for OAuth2 Client.

Fixes: spring-projects/spring-security#5130
jzheaux added a commit to jzheaux/spring-security-oauth2-resource-server that referenced this issue Mar 29, 2018
@jzheaux
JWK Support
f98e91d 
This commit proves Resource Server's existing support for JWT
validation using a JWK set url as already supported by
NimbusJwtDecoderJwkSupport.

No functionality is added to support this feature as it was already
available through components development for OAuth2 Client.

Fixes: spring-projects/spring-security#5130
@jzheaux jzheaux mentioned this issue Mar 29, 2018
Merged
jzheaux added a commit to jzheaux/spring-security-oauth2-resource-server that referenced this issue Mar 29, 2018
@jzheaux
JWK Support
2212043 
This commit proves Resource Server's existing support for JWT
validation using a JWK set url as already supported by
NimbusJwtDecoderJwkSupport.

No functionality is added to support this feature as it was already
available through components development for OAuth2 Client.

Fixes: spring-projects/spring-security#5130
jzheaux added a commit to jzheaux/spring-security-oauth2-resource-server that referenced this issue Apr 10, 2018
@jzheaux
JWK Support
dbec0df 
This commit proves Resource Server's existing support for JWT
validation using a JWK set url as already supported by
NimbusJwtDecoderJwkSupport.

No functionality is added to support this feature as it was already
available through components development for OAuth2 Client.

Fixes: spring-projects/spring-security#5130
jzheaux added a commit to jzheaux/spring-security-oauth2-resource-server that referenced this issue Apr 11, 2018
@jzheaux
JWK Support
36e8b0d 
This commit proves Resource Server's existing support for JWT
validation using a JWK set url as already supported by
NimbusJwtDecoderJwkSupport.

No functionality is added to support this feature as it was already
available through components development for OAuth2 Client.

Issue: spring-projects/spring-security#5130
@jgrandja jgrandja mentioned this issue May 17, 2018
Closed
@jzheaux jzheaux mentioned this issue Jul 3, 2018
Closed
jzheaux added a commit to jzheaux/spring-security that referenced this issue Jul 16, 2018
@jzheaux
Resource Server Jwt Support
2b628f6 
Introducing initial support for Jwt-Encoded Bearer Token authorization
with remote JWK set signature verification.

High-level features include:

- Accepting bearer tokens as headers and form or query parameters
- Verifying signatures from a remote Jwk set

And:

- A DSL for easy configuration
- A sample to demonstrate usage

Fixes: spring-projectsgh-5128
Fixes: spring-projectsgh-5125
Fixes: spring-projectsgh-5121
Fixes: spring-projectsgh-5130
Fixes: spring-projectsgh-5226
Fixes: spring-projectsgh-5237
@rwinch rwinch closed this as completed in 40ccdb9 Jul 16, 2018
@rwinch rwinch added the type: enhancement A general enhancement label May 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.1.0.M2
Development

No branches or pull requests
4 participants
@rwinch @dfcoffin @jzheaux @jgrandja