Converge JWK generation for EAR and Simple Tokens #598
Comments
|
One idea is to move RSA keys to EC keys. The document provides a good sktch of benefits of EC keys compared with RSA keys. Btw, I love cryptography things. When EAR pr is on track I can help with this. |
|
Oh yeah moving everything over to EC could be a good solution. I think using the jsonwebtoken crate instead of json is also a good idea. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
EAR and simple tokens are both signed with JWKs, but they use a different implementation to generate the key. Let's make this common code. The tokens currently work a little bit differently, which is why they use different code. First, one uses EC keys while the other uses RSA. Also, one uses the jsonwebtoken crate while the other makes the token out of json. Finally, one uses a set of JWKs while the other just uses one key. These differences can be reconciled.
We might also think about restructuring the interface a little bit to reflect the fact that both tokens are JWTs. The EAR crate does provide a handy method to sign the EAR, but maybe it would make more sense to have a standard JWT broker and have the claims be generated separately. Something to think about.
The text was updated successfully, but these errors were encountered: