ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (Jira)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-11187) Use a JWT keyprovider
Date Sun, 08 Sep 2019 08:17:00 GMT
Jacques Le Roux created OFBIZ-11187:

             Summary: Use a JWT keyprovider
                 Key: OFBIZ-11187
                 URL: https://issues.apache.org/jira/browse/OFBIZ-11187
             Project: OFBiz
          Issue Type: Improvement
          Components: framework
    Affects Versions: Trunk
            Reporter: Jacques Le Roux

There are several more or less ways to keep a JWT secret key safe. They are documented [here|https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc]

An even not costly and safer way is [to use a JWT keyprovider |https://github.com/auth0/java-jwt#using-a-keyprovider].
I think we should consider to do something like in the example demonstrated in this page,
and as suggested there:

bq.    "with a simple key rotation using JWKS, try the jwks-rsa-java library."

This message was sent by Atlassian Jira

View raw message