- edited description
Support Multiple Issuers, similar to acceptedAudienceValues
Issue #387
resolved
We are looking to move away from our current JWT framework to Nimbus. Initial Load Test Performance shows about a 25-30% drop in CPU. Liking that! One request is to handle multiple issuers in the Constructor. We have a scenario that allows for our JWKSet to handle multiple Issuers as well as multiple Audiences.
com.nimbusds.jwt.proc.JWTClaimsSetVerifier
private final Set<String> acceptedIssuerValues;
Requesting a new Constructor:
public DefaultJWTClaimsVerifier(final Set<String> acceptedAudience,
Set<String> acceptedIssuer, //New Object to Constructor
final JWTClaimsSet exactMatchClaims,
final Set<String> requiredClaims,
final Set<String> prohibitedClaims) {
This would also require a change to the signature for JWTClaimsSet.getIssuer()
Is that a possibility?
Comments (6)
-
reporter
-
reporter
- edited description
-
Hi Jason,
When looking at the code did you get any ideas how the mod can be done while keeping current APIs intact?
Other than that I don’t see any issues in merging a PR for that.
If you’re interested, we have a contributor who found a way to improve the performance even further:
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/380/switch-to-java8s-base64-decoder-for
-
reporter
Vladimar,
Thanks for the response. I’ve been tinkering with the code for how to do that with it being nonbreaking change. My next question was to ask if users were allowed to create PRs or if it was a locked repo. I’ll keep up my work and create a PR if that is OK.
Thanks!
-Jason
-
PRs are open. If you have issues submitting a PR, you can also post a patch file.
Thanks!
-
- changed status to resolved
The current DefaultJWTClaimsVerifier can be subclassed to support verification of multivalued "iss" values. Or, this verification can be done in the app code, after the JWTClaimsSet is returned.
- Log in to comment
