- changed status to open
Support for Ed25519 Verifier into DefaultJWSVerifierFactory - JWT Processor
Issue #555
open
Hello, I started using DefaultJWTProcessor for token validation, but when I used curve 25519 it didn't support it.
Is it on your roadmap to add this feature? I can help with the implementation.
Comments (1)
-
- Log in to comment
Hi Fabio,
The lack of Ed25519 verifier support comes down to an API choice made some 10+ years ago. At the time the lib was targeting Java 6 and the key selector was chosen to return java.security.Key candidates.
https://www.javadoc.io/doc/com.nimbusds/nimbus-jose-jwt/latest/com/nimbusds/jose/proc/JWSKeySelector.html
Later, support for Ed25519 was added using the Google Tink lib. At that time there was no existing infrastructure in the Java SDK to support EdDSA and the associated keys.
Today the lib targets Java 7. Java 15 introduced EdDSA support.
I think the simplest way to address this case is to add support for new key selectors that return instances of JWK, rather that of java.security.Key.
Perhaps one could also create a separate module / build for Java 15, which will keep the java.security.Key based interface.
If you wish to work on this that would be great and welcome. I haven't analysed the API situation in depth, so what I wrote above if off the top of my head.