- edited description
Consider Reverting removal of JWSVerificationKeySelector#getExpectedJWSAlgorithm
8.18 removes the method JWSVerificationKeySelector#getExpectedJWSAlgorithm to make way for multiple algorithm support: https://bitbucket.org/connect2id/nimbus-jose-jwt/pull-requests/65/accomodate-multiple-algorithms-in/diff#Lsrc/main/java/com/nimbusds/jose/proc/JWSVerificationKeySelector.javaF74
I was surprised that deleting a public method went into a minor release - it, in fact, broke our upgrade to the latest. Was it intentional to remove the method at this time?
One way to move forward while maintaining backward compatibility is re-introducing the method and marking it as deprecated so that it can be removed in a future major release. Its implementation would look something like (psuedocode):
if (singleAlgorithmConstructorWasCalled) {
return jwsAlg;
} else {
throw new UnsupportedOperationException("Since there were multiple algorithms specified, " +
"the behavior of this method is undefined");
}
If removing the method was intentional, then feel free to disregard this issue.
Comments (3)
-
reporter -
reporter Note that while we were able to adjust our project master branch (Spring Security 5.4+) to accommodate the breaking change, this issue is still valuable to resolve since we’d prefer not to apply the same adjustment to our maintenance branches (e.g. Spring Security 5.3.x). I’ve made a PR with the proposed changes.
-
- changed status to closed
Restore getExpectedJWSAlgorithm
To maintain backward compatibility
Closes
#362→ <<cset 2b59e93a6a3b>>
- Log in to comment