Comments (7)
When is it planned to release this feature?
from fusionauth-jwt.
Not sure. I need to do some more research to see how much if any of this is possible within the JDK and if any eternal deps are required. If external deps are required I'll probably not implement it in this library and instead make a a separate library to build the additional verifier and signer objects.
from fusionauth-jwt.
As I understand it, current JDKs support this: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8229518
In my opinion, supporting PSS is important, since the asymmetric alternatives have flaws:
RSxxx uses PKCS#1 v1.5 (difficult to implement correct, see recurring problems with Bleichenbacher attacks; PSS solves the problem fundamentally) and ESxx uses ECDSA (possibility of leaking the private key by using a weak random numbers) on NIST curves (http://safecurves.cr.yp.to/).
from fusionauth-jwt.
Thanks for the link @JuliusPC I'll take a look.
from fusionauth-jwt.
It looks like the support is pretty good, I prototyped a verifier. I may be able to get this out shortly.
from fusionauth-jwt.
Committed initial support for these algorithms.
76a9fdd
I need to do some more testing, and make sure the JSON Web Key parsing doesn't need any changes, but so far it looks pretty straight forward.
Using this new algorithms will require the latest Java 8 (>= u251), or later versions of Java.
from fusionauth-jwt.
Available in version 3.5.0.
from fusionauth-jwt.
Related Issues (20)
- Add x5c and verify public key against x5c when extracting a public key from a JSON Web Key HOT 6
- io.fusionauth:fusionauth-jwt:4.0.1 has security vulnerabilities HOT 4
- README improvements
- Configurable timeouts on UrlConnection HOT 6
- Upgrade to Java >= 14? HOT 7
- Create a RSASigner.newSHA256Signer which supports PrivateKey instance HOT 2
- Wrong module descriptor HOT 10
- Will Grant Negotiation and Authorization Protocol (GNAP) working code be made available soon? HOT 2
- Embedding JWK does not yield an interoperable result HOT 3
- Overriding "configureMessageConverters" in spring HOT 2
- How to gen a jwk with kid? HOT 3
- 2047 vs. 2048 HOT 2
- Android 7 - Base64 NoClassDefFoundError HOT 1
- Decode expired JWT throws Exception HOT 2
- Best way to pull out "kid" to pick verifier? HOT 4
- Support Function<String,Verifier> for kid mapping HOT 2
- "The JWT could not be de-serialized." HOT 4
- Need Ability to Extend `Header` class HOT 2
- Fix padding on the EC signature when decoding `r` and `s` from the DER encoded value HOT 1
- thread safety
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fusionauth-jwt.