Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2019/09/08 08:17:00 UTC
[jira] [Created] (OFBIZ-11187) Use a JWT keyprovider
Jacques Le Roux created OFBIZ-11187:
---------------------------------------
Summary: Use a JWT keyprovider
Key: OFBIZ-11187
URL: https://issues.apache.org/jira/browse/OFBIZ-11187
Project: OFBiz
Issue Type: Improvement
Components: framework
Affects Versions: Trunk
Reporter: Jacques Le Roux
There are several more or less ways to keep a JWT secret key safe. They are documented [here|https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc]
A not costly and even safer way is [to use a JWT keyprovider|https://github.com/auth0/java-jwt#using-a-keyprovider]. I think we should consider doing something like the example demonstrated on this page, and as suggested there:
bq. "with a simple key rotation using JWKS, try the jwks-rsa-java library."
--
This message was sent by Atlassian Jira
(v8.3.2#803003)