Support JWK key_ops

Issue #78 closed
Daniel Wegener created an issue

Just an idea: https://tools.ietf.org/html/rfc7517#section-4.3 describes the JWK "key_ops" parameter that allows more fine-grained control over key usage than the "use" parameter (especially if a key is used for different purposes on the same application). It would be nice if the VerificationKeySelector and JsonWebKeySet#findJsonWebKeys could support filters for the use parameter (i.e. if the "use" parameter is present, VerificationKeySelector requires that the "use" array contains "verify").

Comments (5)

  1. Brian Campbell repo owner

    Haven't seen much demand for the "key_ops" parameter, which was added to JWK very late in the process of becoming an RFC. #64 added very limited support for key_ops by just exposing it on JsonWebKey.

    JsonWebKeySet#findJsonWebKey[s] was an early and less than ideal way to search through keys. It's kept there for API compatibility but I don't intend to make any enhancements to it.

    I can see adding support for key_ops to VerificationKeySelector and the SimpleJwkFilter that backs it. And I'll take a look at doing that. The DecryptionJwkSelector should probably be considered too, which might be a little more tricky.

  2. Brian Campbell repo owner
    • edited description
    • changed status to resolved

    f559e00 "address #78 - JWK key_ops can now be a SimpleJwkFilter criteria and will be considered (only if present) in VerificationKeySelector & DecryptionJwkSelector"
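
The rule in the resolving commit message, key_ops "considered (only if present)", shown as an added standalone Python sketch over a constructed JWK Set. This is not jose4j code: the function names, the sample keys and the set of operations accepted for decryption are assumptions of the example.

```python
# Operation names are registered "key_ops" values from RFC 7517 section 4.3.
VERIFY_OPS = {"verify"}
DECRYPT_OPS = {"decrypt", "unwrapKey", "deriveKey"}  # assumption for this example

# Constructed sample JWK Set: metadata only, key material omitted.
JWKS = {"keys": [
    {"kty": "EC", "kid": "sig-key", "key_ops": ["verify"]},
    {"kty": "EC", "kid": "ecdh-key", "key_ops": ["deriveKey", "deriveBits"]},
    {"kty": "EC", "kid": "legacy-key"},
    {"kty": "EC", "kid": "enc-key", "use": "enc"},
]}


def key_ops_match(jwk, wanted_ops, omitted_ok=True):
    """Apply the key_ops criterion; an absent member passes only if omitted_ok."""
    ops = jwk.get("key_ops")
    if ops is None:
        return omitted_ok
    if not isinstance(ops, list):
        return False  # malformed value: fail closed
    return any(op in wanted_ops for op in ops)


def use_match(jwk, wanted_use):
    """'use' is likewise checked only when the key carries it."""
    return jwk.get("use", wanted_use) == wanted_use


def select_kids(jwks, kty, use, wanted_ops, omitted_ok=True):
    """Return the kids of keys that pass the kty, use and key_ops criteria."""
    return [k["kid"] for k in jwks["keys"]
            if k.get("kty") == kty and use_match(k, use)
            and key_ops_match(k, wanted_ops, omitted_ok)]


def verification_kids(jwks, kty, omitted_ok=True):
    return select_kids(jwks, kty, "sig", VERIFY_OPS, omitted_ok)


def decryption_kids(jwks, kty, omitted_ok=True):
    return select_kids(jwks, kty, "enc", DECRYPT_OPS, omitted_ok)


if __name__ == "__main__":
    print(verification_kids(JWKS, "EC"))
    print(verification_kids(JWKS, "EC", omitted_ok=False))
    print(decryption_kids(JWKS, "EC"))
```

With omitted values accepted, `legacy-key` is still offered for both verification and decryption; only keys that declare `key_ops` are actually constrained by it.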
