Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Part of MP 7.0 tasks #322

Closed
2 tasks
Emily-Jiang opened this issue Dec 7, 2023 · 15 comments
Closed
2 tasks

Part of MP 7.0 tasks #322

Emily-Jiang opened this issue Dec 7, 2023 · 15 comments

Comments

@Emily-Jiang
Copy link
Member

In response to the work of MP JWT bridge, some optional parts has been moved to MP JWT Bridge. It will be great if the next release of this spec completes the following tasks to be part of MP 7.0:

  • These optional parts need to be removed from this spec.
  • Re-basing this spec on Jakarta EE 10 Core Profile specifications to allow more runtimes to adopt this specification.
@Emily-Jiang
Copy link
Member Author

@sberyozkin fyi

@sberyozkin
Copy link
Contributor

@Emily-Jiang What is implied by re-basing ? Can you please clarify what has been done in this regard for example in MP Config ?

@Emily-Jiang
Copy link
Member Author

I meant to use the mp parent pom version 3.x

@Emily-Jiang
Copy link
Member Author

@sberyozkin can you confirm whether MP JWT Auth will have a release to be included in MP 7.0?

@sberyozkin
Copy link
Contributor

@Emily-Jiang Sorry, missed it, what is the deadline for doing this release ?

@Emily-Jiang
Copy link
Member Author

Emily-Jiang commented Jan 29, 2024

@Emily-Jiang Sorry, missed it, what is the deadline for doing this release ?

@sberyozkin you need to do the release by May 3rd. Details are here.

@sberyozkin
Copy link
Contributor

Thanks @Emily-Jiang Let me check how updating the pom with the new parent goes, I think we should be able to get some clean up and release it by May 3rd

@Emily-Jiang
Copy link
Member Author

Thanks @Emily-Jiang Let me check how updating the pom with the new parent goes, I think we should be able to get some clean up and release it by May 3rd

@sberyozkin thanks

@sberyozkin
Copy link
Contributor

@Emily-Jiang I see MP Config still using the 2.x parent, https://github.com/eclipse/microprofile-config/blob/main/pom.xml.

Can you clarify please why the MP Config main still on the 2.x parent ?

@sberyozkin
Copy link
Contributor

sberyozkin commented Feb 29, 2024

All candidates for 3.0:

#323 Remove optional spec texts and TCK tests
#319 (Make it clear the preferred_user_name is not unique)
#314 TCK test for the clock skew property
#288 Now is the good time to make RSA-OAEP-256 a default decryption algorithm
#142 RSA key sizes now must be expected to be at least 2048, 1024 is in old past. Perhaps a property can be added to support them if really needed
#327 Allow to retrieve token headers

And consider aligning how the default signature algorithm is supported with the way it was done for the decryption, i.e, if no value is set - both RS256 and ES256 can be accepted

@Emily-Jiang
Copy link
Member Author

@Emily-Jiang I see MP Config still using the 2.x parent, https://github.com/eclipse/microprofile-config/blob/main/pom.xml.

Can you clarify please why the MP Config main still on the 2.x parent ?

Moving up to 3.x requires a major release and also there is a plan to make more update on Jakarta Config. At the moment, the Config team did not invest much on MP Config.

@sberyozkin
Copy link
Contributor

Thanks @Emily-Jiang I'm just not sure that MP JWT should do it without its key dependency, MP Config, not doing it, seems like there should be an alignment across the board

@Emily-Jiang
Copy link
Member Author

Thanks @Emily-Jiang I'm just not sure that MP JWT should do it without its key dependency, MP Config, not doing it, seems like there should be an alignment across the board

You should do it. MP Config is in a unique situation.

@sberyozkin
Copy link
Contributor

@Emily-Jiang Can you explain what exactly will updating MP JWT 3.0 to the MP parent 3.x will give its users ? What other indirect requirements will be implied for MP JWT 3.0, and for the runtimes which will have to run MP JWT 3.0 implementations ?
It is a little bit abstract at the moment.

Thanks

@Emily-Jiang
Copy link
Member Author

Based on the recent conversation here, there is no need to rebase on Jakarta EE 10 Core Profile if you don't need to use any Jakarta EE core profile features. I'm closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants