Hi,
Sorry for the late reply I somehow missed that question.
When values are injected into the bean, how does the authentication mechanism know how to find those?
Perhaps the confusion is that "SomeAuthMech" is not the authentication mechanism itself. E.g. the developer doesn't have to code an entire authentication mechanism, since that is provided by MP JWT.
So just putting "@JWTAuthenticationMechanismDefinition" somewhere is identical to the current @LoginConfig(authMethod="MP-JWT"), but just with configuration for the key and issuer.
E.g.
@LoginConfig(
authMethod = "MP-JWT",
// Even though specified being only for HTTP Basic auth, JBoss/WildFly/Swarm mandates this
// to refer to its proprietary "security domain" concept.
realmName = "MP-JWT"
)
@ApplicationScoped
public class ApplicationInit {
}
vs
@JWTAuthenticationMechanismDefinition
@ApplicationScoped
public class ApplicationInit {
}
The "@JWTAuthenticationMechanismDefinition" here says exactly the same as the @LoginConfig. The bean "ApplicationInit" is just a place to put the annotation on.
Now the *actual* implementation of the JWT authentication mechanism (say "PayaraJWTAuthMechanismImpl"), could obtain the values using MP Config with the pre-determined key names; either using injection (if it itself is a CDI bean), or by using the lower level MP Config classes.
Having the config as attributes on the annotation would allow for more self discovery though (users can easily see which keys are mandatory and which other options are there).
Kind regards,
Arjan Tijms