Comments (6)
Hi @alienintheheights - I'm not finding that class anywhere quickly. Can you provide more information about the code you are referencing here? Where does it exist and how are you seeing the hardcoded values?
from fusionauth-jwt.
I found it by looking at public static List<JSONWebKey> retrieveKeysFromJWKS(String endpoint)
which calls io.fusionauth.http.AbstractHttpHelper
protected static HttpURLConnection buildURLConnection(String endpoint) {
try {
HttpURLConnection urlConnection = (HttpURLConnection) new URL(endpoint).openConnection();
urlConnection.setDoOutput(true);
urlConnection.setConnectTimeout(3_000);
urlConnection.setReadTimeout(2_000);
urlConnection.addRequestProperty("User-Agent", "fusionauth-jwt (https://github.com/FusionAuth/fusionauth-jwt)");
return urlConnection;
} catch (IOException e) {
throw new JSONWebKeySetHelper.JSONWebKeySetException("Failed to build connection to [" + endpoint + "].", e);
}
}
My current workaround is to construct my own HttpURLConnection which I pass to this method instead:
public static List<JSONWebKey> retrieveKeysFromJWKS(HttpURLConnection httpURLConnection) {
But I was hoping to avoid getting that low-level in the client code.
from fusionauth-jwt.
Seems reasonable.
from fusionauth-jwt.
Can you already do this?
For example
JSONWebKeySetHelper.retrieveKeysFromJWKS(HttpURLConnection httpURLConnection);
Maybe not ideal, you'd have to build the connection object, but if you do this, you can specify any time out you like.
Maybe we can add another method that takes a consumer so that you can modify it inline.
from fusionauth-jwt.
Added some additional methods under this comment. baa3457
Will this work for you?
Example usage:
retrieveKeysFromJWKS("https://acme.com/jwks", connection -> connection.setConnectTimeout(5_000));
from fusionauth-jwt.
4.2.0 is released.
from fusionauth-jwt.
Related Issues (20)
- Add support for OAuth2 configuration HOT 8
- Add x5c and verify public key against x5c when extracting a public key from a JSON Web Key HOT 6
- io.fusionauth:fusionauth-jwt:4.0.1 has security vulnerabilities HOT 4
- README improvements
- Upgrade to Java >= 14? HOT 7
- Create a RSASigner.newSHA256Signer which supports PrivateKey instance HOT 2
- Wrong module descriptor HOT 10
- Will Grant Negotiation and Authorization Protocol (GNAP) working code be made available soon? HOT 2
- Embedding JWK does not yield an interoperable result HOT 3
- Overriding "configureMessageConverters" in spring HOT 2
- How to gen a jwk with kid? HOT 3
- 2047 vs. 2048 HOT 2
- Android 7 - Base64 NoClassDefFoundError HOT 1
- Decode expired JWT throws Exception HOT 2
- Best way to pull out "kid" to pick verifier? HOT 4
- Support Function<String,Verifier> for kid mapping HOT 2
- "The JWT could not be de-serialized." HOT 4
- Need Ability to Extend `Header` class HOT 2
- Fix padding on the EC signature when decoding `r` and `s` from the DER encoded value HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fusionauth-jwt.